Cisco Support Community

Multi-domain Network Layout

I need a cost effective solution that provides a reasonable amount of


The environment is a remote office using a cable Internet connection with a couple of public IP addresses. The site will contain two W2K3 domain security servers. One server will support our company domain and the other will support a training lab domain that is used by one of our suppliers (I control the lab hardware/software but the supplier is responsible for those who use it). I need to have a site-to-site VPN tunnel and Internet access for the company domain, but only need Internet access for the training lab domain. I have a Cisco PIX 515UR at the corporate office as well as a Cisco 3000 VPN Concentrator. In terms of spare equipment, I have a Cisco VPN3002 Hardware Client. The training domain will support up to a dozen people and the company domain will have about the same.

I have never set up a hardware site-to-site VPN before (or a split tunnel) and am not sure how to lay out the network. I am somewhat concerned about preventing the lab domain from gaining access to our company domain - but it seems low risk. I need to buy a firewall (preferably Cisco to enhance interoperability with existing infrastructure). If I can use the 3002 for the corporate VPN tunnel, then I can buy an inexpensive PIX (501 - 50 user) to handle the Internet traffic for the remote office people as well as the training lab folks. Another solution is to run all of the "company" traffic back through the 3002 and just have the lab on the 501 (I just hate the thought of remote offices using corporate bandwidth in both directions).

Any thoughts are appreciated.
