11-01-2003 07:12 PM - edited 02-21-2020 12:51 PM
Hi,
Can I use both functions for two VPN functions in the same box?
Do I use the same pre-shared key for both?
My network is:
VPN3030--pix(local)-internet--pix(remote)
My need:
VPN3030 ipsec with pix(remote)
vpnclient from internet connects to vpn3030.
Question:
Do I need two groups for them?
Do I use the same preshared key? Or
a specific key for each group?
Thanks very much
11-03-2003 08:49 AM
Can I use both functions for two VPN functions in the same box? YES
Do I use the same pre-shared key for both? YOU COULD, BUT I WOULDN'T USE THE SAME KEY FOR DIFFERENT CONNECTIONS; IT COULD CAUSE SECURITY ISSUES LATER
My network is:
VPN3030--pix(local)-internet--pix(remote)
My need:
VPN3030 ipsec with pix(remote) - DOABLE
vpnclient from internet connects to vpn3030. - DOABLE
Question:
Do I need two groups for them? YOU NEED TO DEFINE A "GROUP" FOR THE REMOTE ACCESS CONNECTION, BUT NOT FOR THE LAN2LAN (UNLESS YOU USE EZVPN ON THE PIX or IOS ROUTER, THEN YOU WOULD CONFIGURE THAT CONNECTION AS A REMOTE ACCESS CONNECTION AND DEFINE GROUPS)
Do I use the same preshared key? Or
a specific key for each group? I WOULD USE A DIFFERENT KEY PER CONNECTION.
Thanks very much
___________________________________________________
Remote Access and LAN2LAN connections can coexist on the Concentrator, but they are configured differently.
In most cases when you configure Remote Access connections, they are for roaming clients that are using VPN Client Software or for small offices using IOS Routers or PIX running the EzVPN feature set or the 3002 hardware client. In these instances you will need to push policies down to them ('Mode Config', i.e. the IP Address they will use on the inside of your network, DNS and WINS Server, etc.). This is configured under Configuration > User Management > Groups.
On the flip side are the LAN2LAN connections. You don't define a "group" for that. The preshared key is defined with all the other parameters (phase1, phase2 policies, subnets/hosts to protect) on the same page (Configuration > Tunneling Protocols > IPSec > LAN-to-LAN).
You create the LAN2LAN connections under Traffic Management.
I have copied and pasted this from our Concentrator. Page: Configuration > Tunneling Protocols > IPSec > LAN-to-LAN
"This section lets you configure IPSec LAN-to-LAN connections. LAN-to-LAN connections are established with other VPN 3000 Concentrators, PIX firewalls, 7100/4000 series routers and other IPSec-compliant security gateways. To configure a VPN 3002 or other remote access connection, go to User Management and configure a Group and User. To configure NAT over LAN-to-LAN, go to LAN-to-LAN NAT Rules."
11-04-2003 01:47 PM
Hello,
I have already completed the Site-to-Site and remote access on the same VPN3030.
Site-to-site is connected to the pix, and remote access is connected to internet users who are using vpnclient 4.03a.
But I found one BUG. I do not know whether it is right or not. Could you tell me how to verify?
The SYMPTOM:
Only one internet user can use it. A 2nd user can connect, but only for 20 seconds. The VPN client shows "no response from the other side", then drops the connection.
Thanks a lot for your update.