Moving to a VPN network environment separate from our Frame Relay

admin_2 · ‎07-22-2002

We are looking to establish a external VPN network environment and still keep our internal Frame Relay network up. We have all Cisco 2600 routers at each internal remote location. With this new external VPN network, we want to allow only certain connections to our main internal site and block traffic to our other internal remote sites. What equipment do you think would handle this VPN security and management the best? Any advice would be appreciated.

Thanks, Robbie

edadios · ‎07-22-2002

Routers with ipsec image handle the lan to lan scenario best. If you would be doing remote access vpn, the vpn3000 handles that best. If you need firewalling besides the vpn, the firewall could also perform vpn.

the best thing to do would be to contact your local Cisco Systems Engineer for a design plan that would suite your requirement best.

Regars,

paqiu · ‎07-22-2002

I think router to router hub and spoke design might suite your need.

The central site will be the hub, and all your romote sites are spokes.

You can control the traffic depending on the ipsec match address access-lists.

(VPN interest traffic). Here is the sample config:

http://www.cisco.com/warp/customer/707/ios_hub-spoke.html

Best Regards,