Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ATM Banking to be implemented to IP system

Hi!

Good day to everbody.

I just want to consult if anybody here has done implementing Autmatic Teller Machines on banks to be IP based already?

I also want to know what solutions where raised and used for these machines to be IP based with a certain amount of security on their side?

Was there IPSec VPN on the LAN?

Thanks.

6 REPLIES

Re: ATM Banking to be implemented to IP system

Hi,

I have done some similar implementations.

In those scenarios, the ATM branch router to the nearest hub locations, will be running IPSEC 3DES VPN.

Every ATM Branch will have small local lan which is connected to the Router for wan connectivity.

The traffic between the WAN Router at ATM branch at the nearest Hub/Branch location will run over IPSec VPN.

-VJ

Community Member

Re: ATM Banking to be implemented to IP system

VJ,

Hi!

Thanks for the idea. Actually we are running leased lines from the branches to our head office. The ATM terminals are Windows XP based and connected to a LAN switch and a WAN router. Would you suggest installing a Cisco VPN client that would connect to our head office firewall?

Thanks for your comments.

Re: ATM Banking to be implemented to IP system

Hi,

What are all the other devices connected on the LAN Switch?

Considering any future expansions for other devices in that location, you can plan to run IPSEC between the WAN routers.

If you want to have IPSec protection right from the ATM terminal(XP system),then you can very well configure IPSec between XP and the remote wan routers.

Have a look a this article from microsoft, which will help you configure IPSec on the XP system.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q240262

The option of having ipsec originates from the wan router or from the XP system is yours.

I would suggest to have the IPSec configurations in the wan router which encrypts all the traffic originating from the lan on that location to the H0.

Revert back if you need further clarifications.

-VJ

Community Member

Re: ATM Banking to be implemented to IP system

VJ,

Actually, the devices on the LAN switch would be workstations of the tellers, staffs, manager and also the ATM. I am afraid of someone deliberately installing wireless access points just to have WiFi. I guess I have to shut all unused ports and get a notification if they are turned on.

Yes I guess VPN on the WAN router is also good. I will study the link you referred above and see if it is doable.

My problem now is how to maintain the updates on the ATM devices...got to think again.

Thanks VJ, your of great help.

Blue

Re: ATM Banking to be implemented to IP system

Are you encrypting all your branch traffic? Since you have a private line circuit, IPSEC VPNs for your ATMs may not be necessary. PIN transmission is already encrypted from the ATM to the switching host.

We use ACLs on switch ports and routers to restrict traffic to ATMs, but do not use VPNs.

Dave

Community Member

Re: ATM Banking to be implemented to IP system

Dave,

Hi!

I understand that there is a two factor authentication before the data is transferred outside the ATM machine.

We'll try to make a laboratory to simulate it.

Thanks for the idea.

Chris

137
Views
0
Helpful
6
Replies
CreatePlease to create content