
how to add encryption to remote access network

kvrmurty
Level 1

How do we add encryption to an already existing remote access network of AS5300 access servers and dial users? The dial method to access the AS5300 in the corporate backbone is via the PSTN network and not via the internet. Currently we use RADIUS to authenticate the users and the IP address pool is provided by the AS5300.

5 Replies

ndoshi
Cisco Employee

Hi,

The best way to encrypt over access is using IPsec over async.

Hi,

Do you have a sample config by which we can do IPsec over async, since I don't have a clue as to how it works? The diagram below is the present setup:

dialuser----PSTN------AS5300---Radius LAN and backbone LAN.

The IP address pool is provided by the AS5300 based on user config stored in RADIUS (ACS v.3.0) running on a w2k server. Can we use the VPN concentrator (Cisco 3015) behind the AS5300 towards the RADIUS LAN in the above diagram? Will there be a new set of IPs required by the VPN concentrator, in addition to what is provided by the AS5300, in order to run IPsec tunnels to the VPN client?

tepatel
Cisco Employee

For that, the dial-in client needs to have some sort of VPN client installed on the PC. So you can use PPTP with MPPE for that. You need to have a PPTP tunnel server to terminate the encrypted tunnels.

So the network diagram will look like

dialup client......PSTN.....AS5300......Tunnel server.....AAA (ACS)...

Here is the sample config for that

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dt_pptp.htm

Configuring CiscoSecure ACS for Windows Router PPTP Authentication

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a008009436a.shtml
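
The PPTP-with-MPPE tunnel server described in the reply above, sketched as an IOS configuration. This is an added example, not part of the original post or of the linked Cisco samples; it assumes the tunnel server is an IOS router with PPTP/MPPE support, and the interface name, pool name and range, RADIUS address and key are placeholders.

```ios
! Constructed example: tunnel server behind the AS5300 (all names and addresses are placeholders)
!
! Authenticate tunnel users against the same RADIUS (ACS) server.
aaa new-model
aaa authentication ppp default group radius
aaa authorization network default group radius
!
! Accept PPTP tunnels from dial-in clients and clone a virtual-access
! interface from Virtual-Template1 for each one.
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ! Inner (tunnel) address for the client, separate from the AS5300 dial pool.
 peer default ip address pool PPTP-INNER
 ! "required" drops the session if the client will not negotiate MPPE,
 ! so no unencrypted tunnel can come up.
 ppp encrypt mppe 128 required
 ! MPPE keys are derived from the MS-CHAP exchange, so MS-CHAP is mandatory.
 ppp authentication ms-chap
!
ip local pool PPTP-INNER 192.0.2.10 192.0.2.200
!
radius-server host 198.51.100.10 auth-port 1645 acct-port 1646 key <shared-secret>
```

When authentication goes through RADIUS, the server must return the MS-CHAP MPPE key attributes for the user, otherwise the session authenticates but encryption cannot be negotiated.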

Can we use a VPN concentrator as the tunnel server and use the VPN client supplied along with it? Also, if we need to run IPsec over it, will there be two sets of IP address pools required, viz., one for use by the AS5300 and the other pool by the VPN concentrator?

I went through the above URL but there is no mention of IPsec encryption, which we need. Is there a config available with IPsec encryption added to the setup as drawn by you above?

Thanks...

Yes, you can use IPsec with the VPN concentrator. Here is the URL where you will find lots of sample configs with it.

http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Internetworking:IPSec&viewall=true