
VPN access to internal network


f2b

Hi
I've been given the task to set up VPN tunnel access to local HQ from home & office and from two offices in two different countries. Total around 6-8 VPN tunnels.

We have a Cisco 2811 at HQ with a WIC 1ADSL card for WAN access (8Meg link).
We do not have any routers on external sites except the ISP provided ones for ADSL.

I could do a test from my PC at home to HQ. I have the details of how to set up VPN but would like help on setting this up on the Cisco.
Everywhere I see they mention VPN Servers, VPN gateways. We have neither of these unless the 2800 can be a VPN gateway.

I hope somebody can help.

Thanks
Andre





 
Hrm....does the 2811 have a built in firewall?! I didn't see any listed on a quick look at the specs of the system.

Additional question, what are your off site locations using for a firewall??

If nothing and if the 2811 lacks a firewall then I would recommend looking into the PIX 500 series, depending on the size of each location, network overhead, etc...

These are simple to implement and VPN tunnel creation is, literally, five minutes worth of work. One thing to consider as part of your implementation is how you want users to authenticate. Look into creating a CA on your network (my advice at least) to provide scalability and functionality.
 
One last thing, if each site has a firewall...read the specs on its support of VPNs.
 
Thanks for the info.

The remote sites are quite small. Ranging from 1 pc (home). This could be a director or IT support. Then there are several offices worldwide. These are up to 5 pc's except one with about 15 pc's.
The only firewall they will have is on their PC's.

The 2811 has no built-in firewall and I see what you are getting at. So the pix ??? would sit just behind the 2811 and connected directly to the LAN. The local LAN here in HQ is all 192.168.xx.0 /24 There are 2 more segments also in the 192.168.xx.0 private network. So just 3 networks. Which pix would you recommend?

Thanks
Andre

 
For such a small network and small number of users...I would look into the Pix 506 may work...but this is a link to the 500 series


I would place the 2811 internal to the Pix. This would allow for better defense of the router and have the firewall handle/control all traffic.

If your users are going to be utilizing local firewalls and you DO go with a Pix I would recommend the following setup.

1. Create an Internal CA.
2. Have the Pix point back to the CA for authentication.
3. Use the Cisco VPN client and the certificates for your users to allow them to authenticate to the network.

This will give you some more control over the flexibility of the network without having to have a VPN "End point" (IE. Another Pix) at each location.
 
Ok thanks.

My apologies, but you mention the Cisco VPN client. Currently all we have is the 2811. I don't have a large budget for this project so am I looking at a VPN gateway as well? If so then may have to forfeit the PIX for now. Or is the PIX a must?

Thanks
Andre






 
The PIX with unlimited licensing (506), AES and 3DES encryption enabled is about 1k. This includes the VPN client.

I recommend using certificates because you can easily control/revoke a user's login rights through the VPN. If this isn't the best case (due to budget and not having an available box that can fulfill another role), then there are other ways to take this using the PIX.
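
The certificate approach recommended above (internal CA, one certificate per VPN user, access removed by revocation) can be tried offline. This sketch is an added example, not part of the original posts and not PIX or Cisco VPN client configuration. It assumes the `openssl` command-line tool is installed, the CA name and the users `alice` and `bob` are constructed, and `gateway_accepts` is a hypothetical stand-in for the check a VPN endpoint performs.

```bash
#!/usr/bin/env bash
# Added example: internal CA, per-user VPN certificates, revocation through a CRL.
# CA name and users (alice, bob) are constructed; gateway_accepts is a stand-in check.
set -eu
CA=$(mktemp -d); trap 'rm -rf "$CA"' EXIT   # scratch directory, removed on exit
CNF="$CA/openssl.cnf"
make_ca() {                # create the internal CA and an initial (empty) CRL
  : > "$CA/index.txt"; echo 1000 > "$CA/serial"
  cat > "$CNF" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = vpn_ca
[ vpn_ca ]
database = $CA/index.txt
new_certs_dir = $CA
serial = $CA/serial
certificate = $CA/ca.crt
private_key = $CA/ca.key
default_md = sha256
default_days = 365
default_crl_days = 7
policy = policy_cn
[ policy_cn ]
commonName = supplied
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$CNF" \
    -subj "/CN=Example Internal CA" -keyout "$CA/ca.key" -out "$CA/ca.crt" 2>/dev/null
  openssl ca -batch -config "$CNF" -gencrl -out "$CA/ca.crl" 2>/dev/null
}
issue_user() {             # one key pair and CA-signed certificate per VPN user ($1)
  openssl req -new -newkey rsa:2048 -nodes -config "$CNF" -subj "/CN=$1" \
    -keyout "$CA/$1.key" -out "$CA/$1.csr" 2>/dev/null
  openssl ca -batch -notext -config "$CNF" -in "$CA/$1.csr" -out "$CA/$1.crt" 2>/dev/null
}
revoke_user() {            # mark the user's certificate revoked, publish a fresh CRL
  openssl ca -batch -config "$CNF" -revoke "$CA/$1.crt" 2>/dev/null
  openssl ca -batch -config "$CNF" -gencrl -out "$CA/ca.crl" 2>/dev/null
}
gateway_accepts() {        # endpoint-side check: chain to the CA and not on the CRL
  openssl verify -CAfile "$CA/ca.crt" -CRLfile "$CA/ca.crl" -crl_check "$CA/$1.crt" >/dev/null 2>&1
}
make_ca; issue_user alice; issue_user bob; revoke_user bob
for u in alice bob; do gateway_accepts "$u" && echo "$u: accepted" || echo "$u: rejected"; done
```

Revocation only takes effect once the endpoint has the new CRL, so how often the CRL is regenerated and fetched sets how long a revoked user can still connect.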
 
I've been hit by another solution. OpenVPN.
Is this an adequate possibility?

Thanks
Andre
 