I have promised to help a guy with a few design issues.
First of all his employers are dialling-in to the company when they need a connection from home (they have 2 ISDN modems on the site).
Second, they are all using public addresses on the LAN.
Third, he's got some employers he does not want to give internet access; the way this is solved now is by using 2 separate LANs. One LAN uses a cabled network, the other LAN uses wireless (and has internet access). This is easy for him to manage without much technical knowledge; he just gives those who need internet access a wireless adapter...
I'd like to make a new design to make this a little more simple and fast.
My plan is first of all to get VPN on the site; that way his employers can use their much faster DSL connections from home, and when they need a connection to the company while not being at home, they can still make an analog/ISDN connection to their ISP and then a VPN tunnel to the office through the dial-up connection. This is not a problem, right? I've only ever used VPN over ADSL. Also why I am asking.
Another thing I planned is to skip his wireless network altogether, along with his public addresses, and then manage his internet restrictions with access-lists. We could give all those who need internet access an IP range from 220.127.116.11-80 and those we want to block with access-lists a range from 192.168.10.90-110. This would of course require static IP addresses, but still it's better than static public addresses + wireless and cable.
How does all this sound? This way we can remove the ISDN modems at the site. Give home-users faster access to the company and manage the internet access the right way, and at the same time make the LAN more simple in design.
My question is, how does this sound overall?
What product can we use for VPN (20 users or so), and will this product support access-lists for internet-access management? I'm hoping to solve it all with one box (access-lists and VPN).
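An added example (not part of the original post): the proposed blocked range 192.168.10.90-110 does not fall on a subnet boundary, so a mask-based access list needs several entries to match it exactly. The Cisco IOS-style extended ACL syntax, the ACL number 110 and the function names are assumptions; the post does not name a product.

```python
import ipaddress


def range_to_acl(first, last, acl_id=110):
    """Build IOS-style extended ACL lines that deny exactly first..last.

    Assumption: the list is applied where only internet-bound traffic
    passes (e.g. outbound on the WAN interface), so LAN traffic is unaffected.
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
    lines = []
    for net in blocks:
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            # IOS ACLs take a wildcard (inverse) mask, i.e. the host mask.
            src = f"{net.network_address} {net.hostmask}"
        lines.append(f"access-list {acl_id} deny ip {src} any")
    # Everything outside the blocked range keeps internet access.
    lines.append(f"access-list {acl_id} permit ip any any")
    return lines


def covering_block(first, last):
    """Smallest single aligned block containing first..last.

    Shows what a one-line ACL entry would match instead of the exact range.
    """
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    prefix = 32 - (a ^ b).bit_length()
    return ipaddress.IPv4Network((first, prefix), strict=False)


if __name__ == "__main__":
    first, last = "192.168.10.90", "192.168.10.110"  # blocked range from the post
    for line in range_to_acl(first, last):
        print(line)
    block = covering_block(first, last)
    wanted = int(ipaddress.IPv4Address(last)) - int(ipaddress.IPv4Address(first)) + 1
    print(f"single entry would need {block}: "
          f"{block.num_addresses - wanted} addresses beyond the intended {wanted}")
```

Choosing a blocked range that sits on a block boundary reduces the list to a single deny entry.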
This document illustrates two Cisco Secure PIX Firewall devices running a simple VPN tunnel from PIX 1 to PIX 2 over a public network using IPSec. A Cisco VPN Client 4.x connects to PIX 1. The configuration uses pre-shared keys (wild-cards for the clients' IPs), and mode configuration for the clients.
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: