secured internet access to my server from outside

Unanswered Question
Mar 24th, 2010
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Tableau Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

Hello

I have a network that works well

The Cisco 2821 router serves as my gateway to the Internet

And I have several servers on my network. Users who are in their offices have access to the servers without problem.

I want users who are outside of our offices can also access these servers from the Internet,

This access must be secured, and should require no extra investment for these external users (router, VPN client ....)

These users use Windows XP or vista and Internet Explorer.

What equipment can I use between Cisco 2821 and internet to secure the internet access to my server from outside

Cisco ASA can work ? if yes which one ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Wed, 03/24/2010 - 11:26
User Badges:
  • Purple, 4500 points or more

Since you can't alter the client with something like a VPN client, you should look into securing the application. For example if it's a web app, consider getting an SSL certificate.



Cisco will donate $1 to the Red Cross Haiti fund for every rated post!

https://supportforums.cisco.com/docs/DOC-8727


http://www.joomlatabs.com/thermometer/thermo.php?max=10000&current=82&var=lt&color=red

nicanor00 Thu, 03/25/2010 - 01:05
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Tableau Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

Users can create a VPN on Windows and connect to the server
The goal for me is to invest only in the office, I can buy for example the ASA 5505 or 5510 or 5520

And connect it between Cisco 2821 and internet

But users must connect without additional investment

Does this windows VPN connection can work?
Is it secure ?

Collin Clark Thu, 03/25/2010 - 06:08
User Badges:
  • Purple, 4500 points or more

I've never setup windows to connect to a Cisco device for VPN, but I believe it is possible. If you can install the Cisco VPN client on the users PC then you can go that way (the Cisco VPN client is much better than Windows native client) and terminate the VPN on the router itself. You may have to upgrade the IOS on the router to support VPN, but that would be your only investment.


Here's a configuration example of the configuration.

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml

nicanor00 Thu, 03/25/2010 - 08:29
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Tableau Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} Hello
I have a headquarter and 2 agencies, the agencies are connected to a headquarter site with VPN link
On each of 2 agencies there is a Cisco 2801 and Cisco 2821 router at the headquarter

Assuming that each user can install the Cisco vpn client on his pc to connect to the server at the headquarter via internet

I am planing to install also CCME on the cisco 2821
Does the router 2821 will be sufficient to manage these connections(VPN conexion from the 2 agencies and user conexion from internet), or will I need a Cisco ASA for better security?and manage voice call on my network


Which version of IOS do I need on cisco 2821 ?

If I need ASA, which ASA is the good one ?

Attachment: 
Collin Clark Thu, 03/25/2010 - 09:33
User Badges:
  • Purple, 4500 points or more

A 2821 should be able to handle all the VPN and the voice (depending on the number of users of course). You would need Advanced IP Serveices to get both the Voice and Security feature sets.

nicanor00 Thu, 03/25/2010 - 10:02
User Badges:

So cisco 2821 can handle both agencies vpn conexion and internet user conexion ?


there is a maximum number of user about VPN that 2821 can support ?

andre.ortega Thu, 03/25/2010 - 10:39
User Badges:
  • Bronze, 100 points or more
  • Participante em Destaque,

    Escolha da Audiência, Maio de 2015

The 2821 support 250 Tunnels without VPN module and 1500 tunnels com AIM-VPN/EPII-PLUS.

Actions

This Discussion