Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Can CVPN Client on an internal LAN establish tunnel to a 3015 Concentrator?

Hi,

I have a concentrator connected to a router for encrypting data between the concentrator and the remote clients. On top of that, I wish to encrypt the data between some of the PC running cisco vpn client on the local LAN and the concentrator. So to create an end-to-end secure tunnel between the remote PC and the local LAN PCs. Is it possible?

Thanks alot.

Moh Fun.

4 REPLIES
Silver

Re: Can CVPN Client on an internal LAN establish tunnel to a 301

Though I have never tried it, I don't think it is possible to have the Client exchange encrypted data with the concentrator over the private interface and then send it over another IPSec tunnel to the peer router over the Public interface. However, you could try placing your users on the external interface.

New Member

Re: Can CVPN Client on an internal LAN establish tunnel to a 301

I think only one of the interfaces can be described as Public and only the public interface can terminate tunnels

New Member

Re: Can CVPN Client on an internal LAN establish tunnel to a 301

This is actually a very interesting question. I would say that you should be able to do it but unfortunetly I don't have a 3005 to test with. Your post was quite some time ago where you able to test and verify your question?

Regards,

Jason

New Member

Re: Can CVPN Client on an internal LAN establish tunnel to a 301

Hi all,

Thanks alot for your comments.. Unfortunately, I do not have a concentrator to test with.

If concentrator can only terminate tunnels on the public interface, and if we still wish to establish IPSec tunnel from within the LAN till the remote site. Could we do like this: 3002 Hardware client --> concentrator --> Router --> Remote clients with VPN clients? In this case, the hardware client will establish a tunnel to the concentrator, at the same time those remote vpn clients will establish tunnel to the concentrator?

As the concentrator can only terminate tunnels on the public interface, we will connect the hardware client public interface parallel to the concentrator public interface. Is that a possible setup or I'm making the design complicataed?

Thanks alot for the time & effort.

Have a nice day,

Moh Fun.

88
Views
0
Helpful
4
Replies
CreatePlease to create content