VPN client & concentrator address planning and design help
We are planning to implement a VPN solution for employees to work from home (no site-to-site). We base our design on the SAFE VPN document. Each group of users receives an address from a different address pool, so we would like to control what they are allowed to access on the network.
Where should I control the traffic? With filters in the VPN Concentrator or in the PIX?
2nd problem:
Do I plan a different subnet for each group? I have a problem configuring each group since I have no default gateway interface for each of these subnets reserved for my VPN clients. That makes me think that my design is wrong. Most of the designs I see use a pool of addresses that is part of the private interface of the VPN concentrator. The subnet linking the VPN concentrator private interface and the PIX would be used only to transit all packets.
Re: Vpn client & concentrator address planification and design h
Though the concentrator can be placed in front, behind or on the DMZ, I feel that the fourth option of placing it parallel to the firewall seems to be the best one. After all, if someone can connect to the concentrator (using the group username and password) and authenticate themselves at the user level (username and password), they are in all likelihood valid users. Also, in that setup, it would plainly be the job of the configuration on the concentrator to control access.