Remote Site - Concurrent LAN-TO-LAN tunnel and Remote Access Connectivity
Central Site - VPN 3005 Concentrator, with public interface in a DMZ behind a PIX firewall. ACL on PIX permits inbound connections to the concentrator as ESP, UDP port 500 and UDP port 4500. Concentrator has NAT-T enabled globally.
Remote sites have varying types of Cisco routers. Configured with LAN-TO-LAN IPSec VPN tunnel. ACL on remote router only permits connections to the central site over TCP ports 25 and 110. This is for security reasons. Remote sites are without any local IT support or admin, therefore a threat to central site.
From time to time personnel from the head office visit the remote sites. The personnel at the head office use MS Outlook as a MAPI client connected to the Exchange server. When they visit the remote sites they cannot connect to the Exchange server, because of the ACL that restricts traffic to TCP ports 25 and 110 only.
Is it possible for head office personnel to use the Cisco VPN client from the remote sites to form a remote access connection, at the same time as the LAN-TO-LAN tunnel? When we try and do this at present the VPN client connects but it brings down the LAN-TO-LAN tunnel.