
Cisco VPN Client/Safenet SofToken II/ VPN Concentrator --->Bank VPN Conctr

bkalstad
Level 1

I have a request from Fleet support users to open up UDP 500/10000 for IPSEC access from a Bank's VPN Dialer Software (using Cisco VPN Client Software and SofToken II), to connect to this bank's VPN Concentrator. My question is: is there a way I can configure my local 3030 Concentrator so the user can log in locally to TxDOT's concentrator and connect to this bank's concentrator, so I will have better internal security? I haven't been able to talk with the bank's network person yet, but I'd assume they may hesitate to allow a LAN-LAN VPN connection.

Therefore, any suggestions on configurations for using my local Concentrator as a relay between the VPN client software and the bank's Concentrator? Any hints/tips/advice are greatly appreciated.

Brian Kalstad

3 Replies

Nelson Rodrigues
Cisco Employee

Brian,

The clients that connect to your VPN 3000 must be assigned an IP in a network that is being tunneled across the L2L to the Bank VPN 3000.

So if your LAN-to-LAN is configured for Network Lists, then define the IP address pools, to hand out to the clients, from a network in the NetList.

This should work!!!

Nelson

OK, that helps, but if the bank is hesitant about doing the LAN-2-LAN VPN, is there a way I can "proxy" my 3030 as the client, and have my user log in to my Concentrator to connect to the bank? All the user does once the VPN is connected is TN3270 (port 23) to the bank's mainframe. Any ideas?

Brian Kalstad

I am afraid it is not possible, unless you have a LAN-LAN setup which can be used to route the traffic over to the bank's VPN3K.

Workaround:

The Bank folks can lock down (if needed) the ports with which you connect via LAN-LAN and allow only the TN3270 session through, while at the same time clients connecting to your VPN3K can also be restricted to TN3270 traffic only, using a filter on the group.
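The two controls discussed in this thread, as an added example that no participant posted and that is not VPN 3000 configuration syntax: a check that a client address pool lies entirely inside the LAN-to-LAN network list, and a group filter that passes only TN3270 (TCP 23) to the mainframe. All addresses are constructed placeholders, and first-match evaluation with a default deny is an assumption of this model.

```python
import ipaddress

# Constructed sample values (not from the thread): RFC 1918 / RFC 5737 ranges.
L2L_LOCAL_NETLIST = ["10.20.30.0/24"]   # local networks tunneled to the bank
GROUP_FILTER = [
    # (action, protocol, destination network, destination port)
    ("permit", "tcp", "192.0.2.10/32", 23),   # TN3270 to the mainframe placeholder
]


def pool_in_netlist(pool_start, pool_end, netlist=L2L_LOCAL_NETLIST):
    """True only if every address from pool_start to pool_end is covered by the netlist.

    A pool that spills outside the tunneled networks hands some clients
    addresses whose traffic never enters the LAN-to-LAN tunnel.
    """
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if start > end:
        raise ValueError("pool start is above pool end")
    nets = [ipaddress.ip_network(n) for n in netlist]
    # Break the range into CIDR blocks; each block must sit inside a netlist entry.
    return all(
        any(n.version == block.version and block.subnet_of(n) for n in nets)
        for block in ipaddress.summarize_address_range(start, end)
    )


def filter_decision(proto, dst, dport, rules=GROUP_FILTER):
    """First matching rule wins; anything unmatched is denied (assumed model)."""
    dst = ipaddress.ip_address(dst)
    for action, r_proto, r_net, r_port in rules:
        if proto == r_proto and dport == r_port and dst in ipaddress.ip_network(r_net):
            return action
    return "deny"


if __name__ == "__main__":
    print(pool_in_netlist("10.20.30.100", "10.20.30.150"))   # pool inside the netlist
    print(pool_in_netlist("10.20.30.200", "10.20.31.10"))    # pool crosses the boundary
    for flow in [("tcp", "192.0.2.10", 23), ("tcp", "192.0.2.10", 22),
                 ("tcp", "192.0.2.11", 23), ("udp", "192.0.2.10", 23)]:
        print(flow, filter_decision(*flow))
```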
