
ipsec and pptp

jdickler
Level 1

We have a requirement to provide remote access via both dial and broadband to a secure network inside our business network. This network, SCADA, is separated from the business network by a PIX506. Business users access the SCADA network often using the Cisco VPN Client over IPsec. We have a Cisco 3000 Concentrator that terminates remote access sessions. Is there any way to terminate those remote access sessions and then open another encrypted session to the SCADA PIX? I had originally thought to terminate the remote session on the VPN3000 using PPTP and then allowing the user to open an IPsec session to the SCADA PIX. This doesn't seem to work. Is there another strategy or workaround that will provide the solution? Thanks.

2 Replies

mostiguy
Level 6

Hmmm.

Do all users who need remote access to SCADA already have access to the 3000 VPN? Or are there people who need SCADA access, but should/must not have access to resources allowed if they had rights to access the 3000 VPN?

Do people need to access resources from both SCADA and corp. concurrently, or is it viable to tell them, "it's one or the other, bucko"?

Thanks for the quick response.

All users have access to corp. SCADA users have access to both. All have remote access to the VPN3000, which is outside the SCADA nets but inside the corporate net. As a company policy we do not allow simultaneous access. The SCADA nets provide access to the water control systems, so are considered highly secure networks. All connections to them through the PIXes are via IPsec.

Yes, it IS one or the other, bucko!
