Site2Site VPN

ikram-khan · ‎03-29-2002

Hi All,

I'm in the process of designing a VPN between our company and a client where I want the client to be able to access one of our databases sitting behind a Cisco 1720

Q1 - Does the client need to make any changes on their side to be able to access us? (Ex- Have a VPN enabled router or something)

Q2 - What is the deal with VPN clients and how do i go about installing and configuring them

Thanks

cjacinto · ‎03-30-2002

If you are configuring a site to site vpn from your company to the client's router (which is vpn capable), you don't really need to change anything on the client's PC just configure the router for site to site vpn. Your remote clients should just point to the vpn router on their side as the def g/w or have a static route to your internal network to go via the vpn router.

If you are talking of the VPN 3.0 client, there is really not much to configure in them except the ip address of the concentrator they are connecting to, the group name and password of the group configured on the vpn head end (ie PIX, IOS or 3K) which list the policies that would be pushed to the client. You just install it like any other app on your PC and configure it accordingly. A sample config is off CCO on:

http://www.cisco.com/warp/customer/471/ios-unity.html

daniel.kline · ‎04-03-2002

Ikram,

Yes, your client will have to make the appropriate IPSec changes to their router. You should use tunnel mode for VPN. If you or they are using NAT, you/they will also have to use access lists to ensure that only the traffic that needs to be encrypted gets encrypted and tunneled.

The remote VPN client configuration is relatively easy.

Dan