02-12-2003 08:41 PM - edited 03-02-2019 05:03 AM
How do we add encryption to an already exisiting remote access network of AS5300 access servers and dial users. Dial method to access the AS5300 in the corporate backbone is via the PSTN network and not via internet. Current ly we use radius to authenticate the users and the IP address pool is provided by the AS5300.
02-15-2003 08:31 PM
Hi ,
Best way to encrypt over access is using ipsec over async.
02-16-2003 08:56 PM
Hi,
Do you have sample config by which we can do ipsec over async since i dont have a clue asto how it works .The diagram below is the present setup
dialuser----PSTN------AS5300---Radius LAN and backbone LAN.
The ipaddress pool is provided by the AS5300 based on user config stored in RADIUS (ACS v.3.0) running on w2k server. Can we use the VPN concentrator ( cisco 3015) behind the AS5300 towards the RADIUS LAN in the above diagram. Will there be a new set of IPs required by the VPN concentrator in addition to what is provided by the AS5300 inorder to run IPsec tunnels to the VPN client.
02-16-2003 11:33 AM
For that dialin client needs to have some sort of VPN client installed on PC..So You can use PPTP with MPPE for that. You need to have PPTP tunnel server for that to terminate the encrypted tunnels.
So the network diagram will look like
dialup client......PSTN.....AS5300......Tunnel server.....AAA (ACS)...
Here is the sample config for that
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dt_pptp.htm
Configuring CiscoSecure ACS for Windows Router PPTP Authentication
02-17-2003 09:04 AM
Can we use a VPN concentrator as the tunnel server and use VPN client supplied alongwith. Also if we need to run IPsec over it will there be two sets of IP address pools required viz., one for use by the AS5300 and the other pool by the VPN concentrator.
I went thru the above URL but ther is no mention of IPSec encrption which we need. Is there a config available with IPSec encryption added to the above setup as drawn by you above.
Thanks...
02-17-2003 10:04 AM
YES.. you can use IPSEC with VPN concentrator. Here is the url where you will find lots of sample configs with it.
http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Internetworking:IPSec&viewall=true
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide