We have requirement to provide remote access via both dial and broadband to a secure network inside our business network. This network, SCADA, is separated from the business network by a PIX506. Business users access the SCADA network often using the Cisco VPN Client over IPSEC. We have a CISCO 3000 Concentrator that terminates remote access sessions. Is there any way to terminate those remote access sessions and then open another encrypted session to the SCADA PIX? I had originally thought to terminate the remote session on the vpn3000 using pptp and then allowing the user to open an ipsec session to the SCADA pix. This doesn't seem to work. Is there another strategy or workaround that will provide the solution? Thanks.
Do all users who need remote access to SCADA already have access to the 3000 vpn? Or are there people who need scada access, but should/must not have access to resources allowed if they had rights to access the 3000 vpn?
Do people need to access resources from both scada and corp. concurrently, or is it viable to tell them, "its one or the other, bucko"?
All users have access to corp. SCADA users have access to both. All have remote access to the vpn3000 which is outside the SCADA nets but inside the corporate net. As a company policy we do not allow simultaneous access. The SCADA nets provide access to the water control systems so are considered highly secure networks. All connections to them through the pix's are via ipsec.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :