VPN, Product and Design

thomassadi
Level 1

I have promised to help a guy with a few design issues.

First of all his employers are dialling-in to the company when they need a connection from home (they have 2 ISDN modems on the site).

Second, they are all using public addresses on the LAN.

Third, he's got some employers he does not want to give internet access; the way this is solved now is by using 2 separate LANs. One LAN using cabled network, the other LAN using wireless (has internet access). This is easy for him to manage without much technical knowledge, he just gives those who need internet access a wireless adapter...

I'd like to make a new design to make this a little more simple and fast.

My plan is first of all to get VPN on the site; that way his employers can use their much faster DSL connections from home, and when they need a connection to the company while not being at home, they can still make an analog/ISDN connection to their ISP and then a VPN tunnel to the office through the dial-up connection. This is not a problem, right? I've only ever used VPN over ADSL. Also why I'm asking.

Another thing I planned is to skip his wireless network altogether, along with his public addresses, and then manage his internet restrictions with access-lists. We could give all those who need internet access an IP range from 198.168.10.50-80 and those we want to block with access-lists, a range from 192.168.10.90-110. This would of course require static IP addresses, but still it's better than static-public addresses + wireless and cable.

How does all this sound? This way we can remove the ISDN modems at the site. Give home-users faster access to the company and manage the internet access the “right” way, and at the same time make the LAN more simple in design.

My question is, how does this sound over-all?

What product can we use for VPN (20 users or so), and will this product support access-lists for internet-access management? I'm hoping to solve it all with one box (access-lists and VPN).

Thanks in advance.
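Added example, not part of the original post or of any Cisco document: a Python check of how the address ranges in the plan above translate into access-list entries, which match on network/mask blocks rather than arbitrary first-last ranges. It assumes the allowed range sits in the same 192.168.10.0/24 network as the blocked one; the function names are hypothetical.

```python
import ipaddress

def acl_blocks(first, last):
    """Minimal list of network/mask blocks that covers first..last exactly."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(lo, hi))

def enclosing_block(first, last):
    """Smallest single block containing the whole range (may over-match)."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    for prefix in range(32, -1, -1):
        net = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)
        if hi in net:
            return net

def over_matched(block, first, last):
    """Addresses of another range that a block would also match."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    hosts = (ipaddress.IPv4Address(i) for i in range(lo, hi + 1))
    return [ip for ip in hosts if ip in block]

def covered(addr, blocks):
    """True if addr matches any of the blocks."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in blocks)

# Ranges from the post; the 192.168.10 prefix of ALLOWED is an assumption.
BLOCKED = ("192.168.10.90", "192.168.10.110")
ALLOWED = ("192.168.10.50", "192.168.10.80")

if __name__ == "__main__":
    exact = acl_blocks(*BLOCKED)
    print(f"{len(exact)} entries needed to match {BLOCKED[0]}-{BLOCKED[1]}:")
    for net in exact:
        print(f"  {net.network_address} {net.netmask}")
    single = enclosing_block(*BLOCKED)
    hit = over_matched(single, *ALLOWED)
    print(f"single entry {single} would also match {len(hit)} allowed hosts")
```

Choosing ranges that start and end on block boundaries keeps each group to one access-list entry and avoids a broad mask silently catching hosts from the other group.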

1 Reply 1

wong34539
Level 6

This document illustrates two Cisco Secure PIX Firewall devices running a simple VPN tunnel from PIX 1 to PIX 2 over a public network using IPSec. A Cisco VPN Client 4.x connects to PIX 1. The configuration uses pre-shared keys (wild-cards for the clients' IPs), and mode configuration for the clients.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800948b8.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html
