Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

site-to-site design

From a design perspective, is it better to terminate an ipsec tunnel end-point on the WAN facing interface or LAN facing interface if looking to terminate a tunnel on a perimeter router? Also, do the tunnel end-points need to be outside the network ranges that define interesting traffic for tunnel transport? thanks in advace.

1 REPLY
Bronze

Re: site-to-site design

Hi there!

You need to terminate the VPN traffic at any VPN Box like a concentrator or any Cisco router or PIX. This device must be exists between your inside network and the outside. The inside interface must be directly connected to your Private network. or you can install it in an DMZ zone and permit the VPN traffic from outside to this device.

I hope this is helpful

Please rate if it does!

Abd Alqader

90
Views
0
Helpful
1
Replies
CreatePlease login to create content