Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

When to Use IPSec Tunnels?

Status
Not open for further replies.

HercuLeeZ

Technical User
Joined
May 10, 2003
Messages
1
Location
CA
Hi all,
I've just stumbled across your forums today, and I have to say that I'm very glad I did! You seem to be an awfully helpful bunch! As such, I hope I don't waste too much of your valuable time with my little predicament.

The big picture is I have 50 sites I would like to administer remotely for basic maintenance and troubleshooting. The complicating factor is that 25 of these sites are on DSL, and while the other 25 are still languishing on dialup. All of the sites on DSL are behind Linksys BEFSR class routers. The dialup sites do not have any physical security device of any kind.

In my efforts to administer these sites, I have decided to use TightVNC, as it will probably be best for both types of sites. In order to secure the computer that I will be connecting to on the other end, I have chosen a non-default port for each site, ensured strong passwords, and edited the registry of the VNC Server machine to only accept machines from behind my IP. Further, VNC is not running as a service (it must be explicitly launched by the user in need of service). I should also point out that the computers that will be supported over dial-up would only be connected to the internet for a few hours (10-15) per week. I will be trying to administer all of this from behind a Cisco PIX 501 Firewall, which we NAT Web, Telnet and Citrix services through.

So, with all of this said, my questions are as follows: Can I configure my PIX 501 to create outgoing IPSec tunnels on demand to any of the 25 sites that have a Linksys Router? If so, should I? Will this in anyway add overhead to already limited bandwidth I need to connect to the dial-up sites? Lastly, if I can and should create IPSec tunnels, how do I do this? ;-D

Anyway, I know I have bigger problems that IPSec tunnels, but any advice would be very much appreciated! Thanks so much, keep up the good work, and I will try and learn from your lessons!

Humbly,

Herc
 
Good luck with vnc on dial-up... Its laggy enough via dsl/cable modem, and it doesn't play well with alot of other win apps.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top