I have an infrastructure with two physical locations which we are connecting via a Site-to-Site VPN. Only one side has a static IP from the ISP, whilst the other site does not, as the ISP there does not offer static IP services. Long story short, we do not own the line at SiteB, so we cannot switch providers etc.
SiteA (Static IP) and SiteB (Dynamic IP).
Our issue is not so much about the VPN setup, but we have services running at SiteB which require the IP address to be whitelisted for security reasons. This is a long shot, but are there any methods to set up SiteB's network so that any outbound connection will report SiteA's IP address?
I've seen some home Client-Server VPN solutions where the client IP can report the server's IP address. Not sure how we can approach this at the "Business/Enterprise" level, and whether a Client-Server VPN setup would solve our problem or any Site-to-Site VPN solution could achieve the same?
TIA
It sounds like what you are looking for is to turn off “split-tunneling.”
Generally speaking, when a VPN connection is established ALL traffic flows through the VPN. This means that internet bound traffic from Site B will flow through the VPN to Site A and egress out Site A’s internet connection. To the outside world it looks like the traffic is coming from Site A.
With Split-Tunneling turned on, only traffic of interest (i.e. private subnets between Site A and B) is sent through the VPN, while all other general internet traffic egresses Site B’s internet connection.
You can either tunnel all traffic through the VPN, or if the destinations that need a whitelist have static IP addresses, you can tunnel just those IP addresses through the VPN.
Depending on your VPN bandwidth, tunneling all traffic through the VPN may be quite a drag on your internet performance at Site B and cause a significant problem for your end users. In any case, VPN adds some overhead so it will always slow your network traffic a little.
There is no way for Site B to “assume” Site A’s IP address. That is not technically possible unless you are a large company capable of obtaining your own ASN address and controlling your own routing on the internet backbone, and even if you are, you can't have traffic destined to the same IP address reliably delivered to two different physical locations at the same time.
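The three routing options in the answer above (split tunnel, full tunnel, and tunnelling only the whitelisted destinations), modelled as an added example that is not part of the original posts. All addresses are constructed documentation-range values, the function names are hypothetical, and it assumes Site A source-NATs tunnelled internet traffic to its static IP.

```python
import ipaddress

# Constructed values (RFC 5737 / RFC 1918 ranges), not taken from the thread.
SITE_A_PUBLIC = "203.0.113.10"     # static IP the remote service whitelists
SITE_B_PUBLIC = "site-b-dynamic"   # placeholder for Site B's changing address
SITE_A_LAN = "10.1.0.0/16"
WHITELISTED_DESTS = ["198.51.100.25/32", "198.51.100.64/28"]

def build_routes(mode):
    """Site B's route table as (network, egress) for 'split', 'full' or 'selective'."""
    routes = [
        ("0.0.0.0/0", "vpn" if mode == "full" else "site_b_wan"),
        (SITE_A_LAN, "vpn"),
        # The tunnel endpoint itself must stay outside the tunnel in every mode.
        (SITE_A_PUBLIC + "/32", "site_b_wan"),
    ]
    if mode == "selective":
        routes += [(prefix, "vpn") for prefix in WHITELISTED_DESTS]
    elif mode not in ("split", "full"):
        raise ValueError(f"unknown mode: {mode}")
    return [(ipaddress.ip_network(p), egress) for p, egress in routes]

def egress_for(routes, dest):
    """Pick the egress by longest-prefix match, as a router would."""
    addr = ipaddress.ip_address(dest)
    _, egress = max((r for r in routes if addr in r[0]),
                    key=lambda r: r[0].prefixlen)
    return egress

def source_seen_by(routes, dest):
    """Public source address the destination sees for traffic from Site B."""
    return SITE_A_PUBLIC if egress_for(routes, dest) == "vpn" else SITE_B_PUBLIC

def leaks(routes, dests):
    """Destinations that would still be reached from Site B's dynamic address."""
    return [d for d in dests if egress_for(routes, d) != "vpn"]

if __name__ == "__main__":
    for mode in ("split", "selective", "full"):
        rt = build_routes(mode)
        print(mode, source_seen_by(rt, "198.51.100.70"),
              leaks(rt, ["198.51.100.25", "192.0.2.1"]))
```

Running `leaks()` against the list of services that enforce the whitelist shows whether a planned route set still lets any of them see Site B's dynamic address.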