
Working with the Access Groups IP-to-IP mode

Modified on Mon, 18 Sep 2023 at 06:00 PM

Introduction to IP-to-IP mode

IP-to-IP mode enables point-to-point communication between two or more IP endpoints on the local area networks (LANs) behind Tosibox Nodes. In this mode, ingress and egress traffic within an Access Group is confined to manually specified IP address tuples, which enforces granular, controlled data exchange.



Example

In the above illustration, the orange camera on the Node A LAN can be configured to communicate with the orange server on the Node B LAN, but the camera won't have access to any other server, or vice versa. You can also limit access to certain protocols or services only by defining the port or port range.


IP-level access rules are created in the IP Addresses area of the Edit access group view. Checking the "IP-to-IP mode for traffic between locks" checkbox enables the mode. When IP-to-IP mode is enabled, "Allow traffic between Locks" is automatically disabled. These two modes are mutually exclusive.


Steps to configure the above example

  • Add Node A and Node B to the same Access Group
  • Turn the IP-to-IP mode on
  • Enter the IP addresses of the camera and the server that need to communicate with each other

The same restrictions can be extended to multiple IP addresses within the same Access Group if needed. All defined addresses will have access to each other.
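Because every address on the list can reach every other one, each address added widens access for all the others. The following added example (not Tosibox code) lists the device pairs a planned IP Addresses list would permit and compares them with the flows you intended. The addresses, the Node C entry and the function names are constructed for illustration, port restrictions are not modeled, and it assumes that traffic between two devices on the same Node LAN does not cross the Nodes.

```python
from ipaddress import ip_address
from itertools import combinations


def implied_pairs(ip_list):
    """ip_list maps each listed address to the Node whose LAN it sits on.

    Returns every cross-Node pair the list permits (all listed addresses
    have access to each other). Raises ValueError on a malformed address.
    """
    addrs = {ip_address(a): node for a, node in ip_list.items()}
    return {
        frozenset((a, b))
        for a, b in combinations(sorted(addrs), 2)
        if addrs[a] != addrs[b]  # assumption: same-LAN traffic stays local
    }


def review(ip_list, intended):
    """Compare what the list permits with the flows that were intended."""
    want = {frozenset(map(ip_address, pair)) for pair in intended}
    have = implied_pairs(ip_list)

    def fmt(pairs):
        return sorted(tuple(str(x) for x in sorted(p)) for p in pairs)

    return {"unintended": fmt(have - want), "missing": fmt(want - have)}


# Constructed sample: one Access Group holding four listed addresses.
IP_LIST = {
    "192.168.10.20": "Node A",  # camera
    "192.168.20.5": "Node B",   # server
    "192.168.20.6": "Node B",   # second server, added later
    "192.168.30.9": "Node C",   # hypothetical third Node LAN device
}
INTENDED = [
    ("192.168.10.20", "192.168.20.5"),
    ("192.168.30.9", "192.168.20.6"),
]

if __name__ == "__main__":
    for kind, pairs in review(IP_LIST, INTENDED).items():
        for a, b in pairs:
            print(f"{kind}: {a} <-> {b}")
```

Pairs reported as unintended are reachable only because the addresses share one Access Group.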


Virtual Central Lock LAN to Node LAN access

IP-to-IP mode allows creating IP-level connections from the LAN side of one or more Nodes to the LAN side of the Virtual Central Lock. Both the Node LAN device IP address and the Virtual Central Lock LAN device IP address must be defined in the IP Addresses list.

Node LAN to Node LAN access

IP-to-IP mode allows creating IP-level connections from the LAN side of one Node to the LAN side of another Node. With the IP-to-IP mode it is possible to limit access between the LAN-side devices even if there are more devices present on the Node LANs. The IP addresses of both Node LAN devices must be defined in the IP Addresses list.

Key access

If Key users are added to the same Access Group, their access is limited to the listed IP addresses. Note that IP-to-IP mode is designed to function optimally between network devices. It is recommended to configure Key access with a separate Access Group.


If Keys are added, they will not have access to the Node management Web UI by default. If a Key user is expected to have access to the Node Web UI, the Node LAN IP address and the Key's unique IP address must be defined in the IP Addresses list.


If two-way communication is required between the Key and a defined IP address, the Key's unique IP address must also be defined in the IP Addresses list.