I've been tasked with looking at VPN Solutions for that will enable various offices to exchange information. We have a number of scenerios due to acquisition and I'm looking for some guidance, with some recommendations on the better solutions. I've never configured a VPN and hope that you'll be able to give me a starting point to work from.
Various Scenarios, note Head Office is Windows NT 4.0 RAS & RRAS based with ISDN and PSTN connections to satellite sites.
1. ISDN connection to satellite site with Cisco 800 Router connected to Ethernet network, Windows NT (IP only).
2. PSTN Dial-up Connection from satellite site, currently using RAS to dial RAS Server. Windows NT (IP) and few NT clients.
3. ADSL connection at Satellite site to local ISP (POP) enabling Email only via the Internet.
The options that I'm debating are:
1. Windows NT VPN Solution, RRAS & PPTP Server. Satellites will connect via a POP and use NT VPN Clients.
2. Upgrade IOS on 800 routers to support tunnelling (PPTP) and perhaps PIX and bigger satellite sites. Is it just an IOS upgrade for tunnelling? Can I use the VPN Client with NT, what about NT authentication?
3. Install hardware VPN solution (Cisco 2xxx Router) at some sites with ADSL connection to POP.
All suggestions and the pros and cons will be gratefully noted.
Even though its probably not possible to make specific recommendations in a forum like this, Ill try and help you out. I would strongly recommend you have one of Ciscos design engineers look at your site and topology to offer you a good design proposal.
If the 800s are big enough for the traffic (IPsec takes a lot of processing) then yes, upgrade those. If you have to change out the routers, a 2600 series is good but may be excessive too (except from a growth standpoint). The 1700 series may be a cost-effective alternative.
I would put a big PIX at headquarters to be able to handle all of the tunnel terminations. Better to offload that work to a firewall then configuring it on the router. Youll also have a great firewall solution at the same time.
If you plan to deploy the PPTP tunneling client to server, as long as you have no access-lists blocking any IP, it should work now without any change. The downsides are PPTP is slower, less secure and hard to administer (client configs, system restores, etc.) IPsec is so much more secure even in its 56 bit DES format but 3DES is very strong. It would be setup site-to site and all the administration is done on the routers and PIXs so its transparent to the clients.
Finally, the VPN client can be used for client to network tunnels and currently supports Win 95/98 and NT. The new version for Windows 2000 is promised shortly. That would give remote users (i.e salespeople) the ability to connect from remote ISPs.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...