I just want to have the picture of how they're linked to each other (using IP addressing).
The thing is, I am trying to set up a VPN connection between two LANs located far from each other (each has about 50 users).
The thing is I am not sure if what I have in planning is right.
I plan to get 2 Class C addresses from an ISP, one for each LAN. I will apply subnetting to each, by making use of a router (VPN, Cisco branded) on each LAN. These routers will have 5 switches connected to them, then in turn 10 PCs will be connected to each of the switches, to make a total of 50 PCs on each LAN; so far is this setting ok?
The thing is, I am not sure how I will configure each router to speak to each other over the internet. I know it can't be as straightforward as I plan on doing it; i.e. by me somehow including in the router (LAN A) the public IP address of router (LAN B) and vice versa.
Please, what I have just said, is it in any way right? Or am I missing something?
Basically, just want to have a sort of picture of how everything will be linked.
If you need to know, I plan on implementing a Remote Access VPN (SSL), which I believe will be web-based.
First of all, when you connect the 5 switches to the router, all the 5 switches will be cascaded and one port of the router will connect to the topmost switch on the cascade.. By doing this, there will only be one VLAN in which all the 50 users will reside. All the PCs on the LAN will have a default gateway pointing to the router's Ethernet interface IP.. Though this is not the best way of doing it, it is OK to start with.. The PCs on the local LAN can be assigned private IPs (say 10.1.1.0/24). The router Ethernet IP can be 10.1.1.1 in this case..
The router will be connected to the ISP and you will have a public IP on the WAN link.. you can do a PAT on this router for internet browsing.. refer to CCO for PAT configuration.. once translated, all the PCs on the inside will have internet connection.. You can also configure a loopback interface with a /32 IP, for management purposes only...
This is the first step u will do.. once after doing this, u will be able to browse and connect onto the other site too...
Hope this helps.. all the best.. rate replies if found useful..
So, if I'm right, what you explained will be related only to the LANs. Thanks for clarifying that.
But what about the case of xconnecting the router to the other router in the other LAN?
Also, since it's a network of about 50 hosts, a class C network will be appropriate as the public IP, right?
And if that is the case, and the other LAN has been allocated an IP, would I just configure the router in one LAN to connect with the router on the other LAN somehow, by stating the public IP of the other LAN?
Want to know again how they will be linked across the LANs with IP addressing (like you did earlier on).
how far are the LANs separated? are they in different buildings? there are a lot of ways you can do this. if you can run a copper or fiber urself, then it should be fine.. u can interconnect the routers/switches using this and route the traffic across to the second zone.. if not u can talk to an ISP and look out for options like:
the cheapest thing is to have an IP VPN over internet.. u just need to have 2 internet connections at both the ends.. u can have routers with security IOS, through which u can configure something like IPSEC VPN for data communication.. but this solution is not stable. latency over internet can vary.. there is no guaranteed response.. this is really a half baked solution...
but on the other hand, if u have leased lines or MPLS or EoSDH or Metro ethernet links, this is stable and u can get guaranteed response over the WAN. it's secure too.. but is a lil costly over the other solution.... u can check with the ISP folks, compare the cost and then decide.. If you don't have any budget with you, u might want to think of the IP VPN option !!!
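The addressing from the two replies above, put together as a site-to-site IPsec configuration for the site A router. This is an added example, not part of the original thread and not a Cisco reference configuration. Assumed: site B uses 10.1.2.0/24, the public addresses come from documentation ranges, the interface names fit the router in use, the names `SITE2SITE`, `VPN-TRAFFIC`, `NAT-TRAFFIC` and `TS-AES256` are arbitrary, and the pre-shared key is a placeholder.

```cisco
! Site A router. All addresses below are constructed placeholders.
! LAN A: 10.1.1.0/24 (from the reply)     LAN B: 10.1.2.0/24 (assumed)
! WAN A: 203.0.113.2 (assumed)            WAN B: 198.51.100.2 (assumed)
!
interface GigabitEthernet0/1
 description LAN A, default gateway for the PCs
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0
 description WAN link to the ISP
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 crypto map SITE2SITE
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Traffic to encrypt: LAN A to LAN B. Site B carries the mirror image.
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
!
! PAT for internet browsing; traffic bound for the tunnel is exempted,
! otherwise it is translated first and no longer matches VPN-TRAFFIC.
ip access-list extended NAT-TRAFFIC
 deny   ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
 permit ip 10.1.1.0 0.0.0.255 any
ip nat inside source list NAT-TRAFFIC interface GigabitEthernet0/0 overload
!
! IKE phase 1: the peer is identified by its public WAN address.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
! IKE phase 2: how the LAN-to-LAN packets are protected.
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto map SITE2SITE 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set TS-AES256
 match address VPN-TRAFFIC
```

Each site needs only one public address on its WAN interface; the two LANs keep distinct private subnets so the crypto ACLs on both sides can mirror each other without overlap.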
Is it possible that I could get some VPN router that wouldn't need me to enter commands to set it up? Basically I would connect it up like setting up a broadband router at home (stuff already built in), then only having to enter parameters regarding the connection to the other router across the WAN and parameters for the LAN.
And also, do you think it's mandatory I have some sort of Server for Firewall purposes, one for Network traffic (even when I am making use of switches)?