Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
519
Views
0
Helpful
2
Replies

VPN3002 Hardware Client?

Mitch200
Level 1
Level 1

‎12-04-2001 11:13 AM - edited ‎03-08-2019 09:19 PM

I'm new to this stuff and have a quick question :)

I have the Cisco VPN3002 hardware client that I am trying to setup.

There is a public interface and a private interface on the box that is confusing me...

My network is pretty standard. A T1 line coming into a Cisco router that goes into a Checkpoint firewall and then onto the secure LAN.

My question is, where exactly do I connect the public and private interface to?

I'm thinking that the private would go into my switch behind the firewall. That much makes sense... But I can't find any documentation on what they mean by the public network.

I can give the public interface a public internet address, that's not a problem... I just don't know where to connect it to :)

Thanks a million for any help.

-Regards,

Labels:
0 Helpful
2 Replies 2

cjacinto
Cisco Employee
Cisco Employee

‎12-06-2001 11:16 PM

There is a sample config on:

http://www.cisco.com/warp/customer/471/vpn_3002_nem_5402.html

Don't know if the illustration would help.

You could connect the 3002 hardware client in two ways, one is in parallel with your Checkpoint, wherein the public interface would be on the same subnet as the outside interface of the checkpoint, hence would be on a switch port that would be on the same vlan as the outside interface of checkpoint, and the inside interface would be on the same subnet as the checkpoint inside interface. Then you could follow the sample config.

Another way is to place the inside interface on the same subnet as the inside interface of the checkpoint, and then the inside interface of the 3002 would be on a different inside ip subnet. There would be pros and cons between the two but it boils down to your security policy and if you consider IPSec traffic secure enough not to do more filtering.

0 Helpful

Mitch200
Level 1
Level 1
In response to cjacinto

‎12-11-2001 07:06 AM

Thanks a million!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents