Is this possible : VPN Configuration
 




Forum Index -> comp.dcom.sys.cisco

Stewart (Guest)
Posted: Fri Apr 28, 2006 4:50 am    Post subject: Is this possible : VPN Configuration

I have 3 PIX 501 firewalls running PPPoE ADSL connections.

Head Office
2 * Remote locations

We need to extend the configuration to include some VPN features:

Office
PAT (I think this is the term) - external inbound connections (e.g. ports 80, 443, 5060, etc.) - WORKING
Software VPN Client will connect to this point (users travelling need to access the office network) - WORKING
Hardware VPN Host (Server)
RADIUS server authentication for software VPN clients - WORKING
Provides primary internet connection for this location

Remote1
PAT (I think this is the term) - external inbound connections (e.g. ports 80, 443, 5060, etc.) - WORKING
Software VPN Client will connect to this point (users travelling need to access the office network)
Hardware VPN will connect to Office - needs to be in NEM mode - both sides should be able to see resources on both sides
Provides primary internet connection for this location - this means we need split tunnel for the VPN connection???

Remote2
Software VPN Client will connect to this point (I believe that users in Remote1 location would need to do this to access resources in this location?)
Hardware VPN will connect to Office - needs to be in NEM mode - both sides should be able to see resources on both sides
No external internet access required here

Is this possible? I have read a range of materials, much of which is
confusing for the inexperienced. Some of the items concerning me are:

PAT can't be done whilst the hardware VPN is configured?
Software and hardware VPN hosts (servers) can't coexist on the same device
Remote1 can't route to Remote2 (in out not allowed rule on one interface???)

Where do I go to start to get a working config for this?

How does the addressing work on the internal networks?

At the moment I have the PPPoE connection going OK and the inbound PAT stuff
working, with software VPN authenticating against a separate RADIUS server.
We have successfully connected (I think) from Remote1 to Office with
hardware VPN, but Office then lost all internet access.

Thanks

Stewart