My company has a client who currently has 2 offices connected by a private T1 using Pix at each site.
This client now is adding a 3rd office and wants to be able to connect to the other 2 offices using a VPN through the internet. They also want to be able to allow 4 mobile users the ability to use VPN from their own home ISP. I
First, is this possible?
Second, anyone have an idea on where I can get documentation or help implementing this? I have never set up a VPN before.
Third, are there any good books out there on Cisco Pix and VPN's? If so, can I have the ISBN #'s?
If anyone needs a diagram of what I am trying to explain above please email me at: firstname.lastname@example.org and Ill send it to you.
I think the way to go here is implementing a "full-mesh" VPN network through your 3 Internet entry points. I think that answers the feasibility. Adding VPN client is no problem either as long as you make sure that their "policies" will be delt after your VPN sites. Because your mobile users are bound not to have the same IP addresses each time they connect to the Internet, it's very important that those "wild card" source addresses are being treated AFTER the more precise and well-known Site addresses.
On the second and third point, I feel that the Cisco examples from the CCO would be more than sufficient to accomplish your task. I've delt with Cisco VPN for a very long time and , although there were errors in the configuration examples a year ago or so, the examples are now very mature and are exposing the solutions to your questions,
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :