Cisco VPN Client/Safenet SofToken II/ VPN Concentrator --->Bank VPN Conctr

Nov 1st, 2002

I have a request from Fleet support users to open up UDP 500/10000 for IPSEC access from a bank's VPN Dialer Software (using Cisco VPN Client Software and SofToken II), to connect to this bank's VPN Concentrator. My question is: is there a way I can configure my local 3030 Concentrator so the user can log in locally to TxDOT's concentrator and connect to this bank's concentrator, so I will have better internal security? I haven't been able to talk with the bank's network person yet, but I'd assume they may hesitate to allow a LAN-LAN VPN connection.

Therefore, any suggestions on configurations for using my local Concentrator as a relay between the VPN client software and the bank's Concentrator? Any hints/tips/advice are greatly appreciated.

Brian Kalstad

Nelson Rodrigues Fri, 11/01/2002 - 09:41

Brian,

The clients that connect to your VPN 3000 must be assigned an IP in a network that is being tunneled across the L2L to the Bank VPN 3000.

So if your LAN-to-LAN is configured for Network Lists, then define the IP address pools, to hand out to the clients, from a network in the NetList.

This should work!!!

Nelson

bkalstad Fri, 11/01/2002 - 11:07

OK, that helps, but if the bank is hesitant about doing the LAN-2-LAN VPN, is there a way I can "proxy" my 3030 as the client, and have my user log in to my Concentrator to connect to the bank? All the user does once the VPN is connected is TN3270 (port 23) to the bank's mainframe. Any ideas?

Brian Kalstad

tbukhari Wed, 01/15/2003 - 11:48

I am afraid it is not possible unless you have a LAN-LAN setup which can be used to route the traffic over to the bank's VPN3K.

Workaround:

The bank folks can lock down (if needed) the ports with which you connect via LAN-LAN and allow only TN3270 sessions through, while at the same time clients connecting to your VPN3K can also be restricted to TN3270 traffic using a filter on the group.
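The two conditions from the replies above can be checked before any change is made: the client address pool must sit inside the networks tunneled over the LAN-to-LAN, and the group filter must forward nothing wider than TN3270 (TCP 23) to the mainframe. The following is an added example, not part of the original thread and not VPN 3000 configuration syntax; the rule tuples, the address-plus-wildcard-mask form of network-list entries, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def wildcard_net(addr, wildcard):
    """Network-list entry given as address + wildcard mask (0.0.0.255 == /24)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{mask}")  # raises on non-contiguous masks

def pool_covered(start, end, network_list):
    """True only if every pool address lies inside the tunneled networks."""
    nets = list(ipaddress.collapse_addresses(network_list))  # merge adjacent entries
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end))
    return all(any(b.subnet_of(n) for n in nets) for b in blocks)

def excess_rules(rules, default_action, mainframe):
    """Return findings for anything wider than TCP/23 to the mainframe."""
    host = ipaddress.IPv4Network(f"{mainframe}/32")
    findings = []
    if default_action != "drop":
        findings.append("default action is not drop")
    for action, proto, dst, port in rules:
        # Any forward rule that is not exactly tcp -> mainframe:23 is reported.
        if action == "forward" and (proto, ipaddress.IPv4Network(dst), port) != ("tcp", host, 23):
            findings.append(f"too broad: {proto} {dst} port {port}")
    return findings

# Constructed sample values (hypothetical addressing, not from the thread).
NETLIST = [wildcard_net("10.20.0.0", "0.0.0.127"),
           wildcard_net("10.20.0.128", "0.0.0.127")]
MAINFRAME = "192.0.2.10"
GOOD = [("forward", "tcp", "192.0.2.10/32", 23)]
BAD = GOOD + [("forward", "tcp", "192.0.2.0/24", "any")]

if __name__ == "__main__":
    print("pool inside NetList:", pool_covered("10.20.0.100", "10.20.0.150", NETLIST))
    print("pool spills outside:", pool_covered("10.20.0.200", "10.20.1.5", NETLIST))
    print("tight filter findings:", excess_rules(GOOD, "drop", MAINFRAME))
    print("loose filter findings:", excess_rules(BAD, "forward", MAINFRAME))
```

A pool that fails the first check would hand clients addresses that are never routed into the tunnel; any finding from the second check means the group can reach more than the TN3270 service.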


Posted November 1, 2002 at 8:20 AM