IPSec VPN to multiple partners.

Sep 10th, 2009
Hello, trying to figure out a good design for connecting multiple partners to our network. I currently have allocated to the task one router and one ASA5510. Having problems with my initial design concept and am looking for guidance on a new one.

The problem is this. We will need to connect to each partner via a different IPSec tunnel using pre-shared keys, each vendor might have different requirements for their tunnel, such as encryption type, etc. Each partner will then need to be ACL'd off to only allow access to those resources they've been approved for, or to allow our employees access to resources on their network(s). To one partner we might be able to just do simple PAT, allow all of our internal hosts to connect with a few of their hosts and share one outbound IP address. Another partner might require that we not use our internal RFC 1918 addresses, but instead provide them with public IP addresses and NAT them to our internal servers IP addresses.

I was thinking of using VLANs on the ASA and terminating each tunnel on a separate VLAN interface. But then while each partner would get its own "outside" interface for NAT, they would be sharing an "inside" interface.

Pretty new at this, looking for the best way to go on it. Any suggestions and/or configuration examples would be greatly appreciated!

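One way to lay this out on a single ASA, as an added configuration example that is not from this thread: every partner gets its own ISAKMP policy, transform set, crypto-map entry, tunnel-group, NAT rule and vpn-filter, all terminating on the one outside interface, so no per-partner VLAN is needed. All names, addresses and pre-shared-key placeholders are assumed, and the NAT and ACL syntax is the pre-8.3 form current in 2009 (mapped addresses in crypto and vpn-filter ACLs).

```cisco
! Phase 1: one ISAKMP policy per distinct partner requirement (assumed values)
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
! Phase 2 transform sets, one per partner requirement (3DES/MD5 only where a partner cannot do better)
crypto ipsec transform-set TS-AES esp-aes-256 esp-sha-hmac
crypto ipsec transform-set TS-3DES esp-3des esp-md5-hmac
! Partner A (peer 203.0.113.10): all inside hosts PAT'd to 192.0.2.1, only toward 198.51.100.0/24
access-list NAT-PARTNER-A extended permit ip 10.0.0.0 255.0.0.0 198.51.100.0 255.255.255.0
nat (inside) 10 access-list NAT-PARTNER-A
global (outside) 10 192.0.2.1
! Crypto ACL (pre-8.3) matches the translated address, not the RFC 1918 one
access-list CRYPTO-PARTNER-A extended permit ip host 192.0.2.1 198.51.100.0 255.255.255.0
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <partner-A-psk>
! Partner B (peer 203.0.113.20): public 192.0.2.20 mapped to server 10.1.1.20, only toward 172.16.50.0/24
access-list NAT-PARTNER-B extended permit ip host 10.1.1.20 172.16.50.0 255.255.255.0
static (inside,outside) 192.0.2.20 access-list NAT-PARTNER-B
access-list CRYPTO-PARTNER-B extended permit ip host 192.0.2.20 172.16.50.0 255.255.255.0
! Restrict what partner B may reach: sysopt connection permit-vpn (on by default) bypasses
! the interface ACL for decrypted traffic, so the vpn-filter is what enforces the restriction.
! Pre-8.3 vpn-filter ACLs are written remote side as source, mapped local address as destination.
access-list FILTER-PARTNER-B extended permit tcp 172.16.50.0 255.255.255.0 host 192.0.2.20 eq 443
group-policy GP-PARTNER-B internal
group-policy GP-PARTNER-B attributes
 vpn-filter value FILTER-PARTNER-B
tunnel-group 203.0.113.20 type ipsec-l2l
tunnel-group 203.0.113.20 general-attributes
 default-group-policy GP-PARTNER-B
tunnel-group 203.0.113.20 ipsec-attributes
 pre-shared-key <partner-B-psk>
! One crypto map bound to the single outside interface, one entry per partner
crypto map PARTNERS 10 match address CRYPTO-PARTNER-A
crypto map PARTNERS 10 set peer 203.0.113.10
crypto map PARTNERS 10 set transform-set TS-AES
crypto map PARTNERS 20 match address CRYPTO-PARTNER-B
crypto map PARTNERS 20 set peer 203.0.113.20
crypto map PARTNERS 20 set transform-set TS-3DES
crypto map PARTNERS interface outside
```

Partner A gets no vpn-filter here, so its reach is bounded only by the crypto and NAT ACLs; add a group-policy with a vpn-filter for it in the same way if it must be limited to specific hosts and ports.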
Craig Norborg Thu, 09/10/2009 - 12:34

Hmm... We already have something similar to this for our client based VPN solution. Maybe I wasn't clear enough that this is a site-to-site VPN I'm working on now. So these partners will be connected 24x7 and will not have distinct client sessions that I can apply a policy to.

Collin Clark Thu, 09/10/2009 - 11:50

Each partner connection would be distinct though correct? You can then apply group policy to each of those. Or am I still not understanding something?
