Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN3002 Hardware Client?

I'm new to this stuff and have a quick question :)

I have the Cisco VPN3002 hardware client that I am trying to setup.

There is a public interface and a private interface on the box that is confusing me...

My network is pretty standard. A T1 line coming into a Cisco router that goes into a Checkpoint firewall and then onto the secure LAN.

My question is, where exactly do I connect the public and private interface to?

I'm thinking that the private would go into my switch behind the firewall. That much makes sense... But I can't find any documentation on what they mean by the public network.

I can give the public interface a public internet address, that's not a problem... I just don't know where to connect it to :)

Thanks a million for any help.

-Regards,

  • Other Security Subjects
2 REPLIES
Cisco Employee

Re: VPN3002 Hardware Client?

There is a sample config on:

http://www.cisco.com/warp/customer/471/vpn_3002_nem_5402.html

Don't know if the illustration would help.

You could connect the 3002 hardware client in two ways, one is in parallel with your Checkpoint, wherein the public interface would be on the same subnet as the outside interface of the checkpoint, hence would be on a switch port that would be on the same vlan as the outside interface of checkpoint, and the inside interface would be on the same subnet as the checkpoint inside interface. Then you could follow the sample config.

Another way is to place the inside interface on the same subnet as the inside interface of the checkpoint, and then the inside interface of the 3002 would be on a different inside ip subnet. There would be pros and cons between the two but it boils down to your security policy and if you consider IPSec traffic secure enough not to do more filtering.

New Member

Re: VPN3002 Hardware Client?

Thanks a million!

105
Views
0
Helpful
2
Replies