Cisco Support Community

New Member

Can VPN Concentrator act as a routing gateway?

Hi All,

I have a VPN 3005 behind a Cisco 1841 router. The Cisco 1841 is holding an internet connection. Now the VPN 3005 is acting as a VPN endpoint for incoming internet Remote VPN connections. Behind the "Private" interface of the VPN3005 there is a LAN (e.g. 10.0.0.0/24).

I would like to ask: can this VPN3005 route traffic from Private (10.0.0.0/24) to the Cisco 1841? I intend to let 10.0.0.0/24 access the internet without establishing a VPN tunnel to the VPN3005's "Private" interface.

Does anyone know?

Thanks!!!

Jason

4 REPLIES
New Member

Re: Can VPN Concentrator act as a routing gateway?

Can anyone help me?

Best Regards,

Jason

Gold

Re: Can VPN Concentrator act as a routing gateway?

Yes, it can. It might be a pain to set up, and it will decrease the overall security posture of the device itself. Also, since the 3005 only does software encryption, the appliance will then be even more taxed. If you post a network diagram, maybe we can make other suggestions to integrate it into your network.

Hall of Fame Super Silver

Re: Can VPN Concentrator act as a routing gateway?

Jason

I have a customer who has been doing this. They have a LAN inside which goes through a VPN concentrator to get to a firewall and an Internet connection. It was in place when I started working with them, so I cannot speak to how difficult it is to set up. But it does not look like it was difficult.

HTH

Rick

New Member

Re: Can VPN Concentrator act as a routing gateway?

Hi All,

Many thanks for your help!

I just want to confirm whether the VPN Concentrator can act as a routing gateway. The background of my question is a production environment. In this environment, there is only traffic from incoming VPN connections (remote access VPNs started by users on the Internet). No outgoing traffic is passing through ASA --> VPN Concentrator --> Cisco 1841. (The ASA is the gateway of the local LAN segment.)

But in the future, two new zones will be created on the ASA. One is for one group of users to go to the Internet. Another is for a third-party company on the Internet to get data. A LAN-to-LAN VPN will be created between this third-party company's PIX506E and the VPN Concentrator at my site.

Now I have confirmed that the VPN Concentrator can route traffic. So I think I can add these 2 new zones based on the existing production infrastructure.

Attached is the draft diagram for this case. This production network cannot be changed except by adding new zones on the ASA. So is my concept of adding those new zones on the ASA acceptable?

Thanks!!!

Jason
