Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Authenticating Users for a LAN2LAN IPSec tunnel

Hello,

I have an request from a client that requires a LAN2LAN (3005 to 3005), but he wishes the 3005 that is at the host site to authenticate each user from the remote site. I'm looking at the documentation, but really don't see anything that quite fits.

This is a vendor of my client and the vendor could have up to 40 people needing access at any given time. We suggested using a VPN client, but deployment would be a HUGE issue.

LAN2LAN is the best route, however we need to know WHO is accessing the network.

The only other way would be to limit IP addresses that could connect into the host site 3005, but still doesn't tell us who is connecting, but rather who can connect.

Suggestions?

Thanks!

Mike

4 REPLIES
Bronze

Re: Authenticating Users for a LAN2LAN IPSec tunnel

Hi Mike,

I think the best route for you to take is to establish a tunnel between a 3002 and a concentrator ( 3005 ). This will give you individual user authentication on the concentrator

Please consult the following sample config:

http://www.cisco.com/warp/customer/471/vpn3002-ind-usr-auth.html

Jazib

New Member

Re: Authenticating Users for a LAN2LAN IPSec tunnel

Jazib,

Thanks for the info. Unfortunately, both sides have 3005 installed.

Is there another way using the hardware currently installed?

Thanks in advance,

Mike

Bronze

Re: Authenticating Users for a LAN2LAN IPSec tunnel

hi there,

That was the only option that I could think of

Jazib

e.l
New Member

Re: Authenticating Users for a LAN2LAN IPSec tunnel

Dear Jazib,

If this feature is not implemented, does Cisco consider to implement the "Individual User Authentication" for a LAN-to-LAN connection ? Any info on the road-map ??

I think there will be a big market, with demand from the customer to implement such kind of solution. Right now we have implemented several projects using a similar solution (but not on an IPSec tunnel) with individual user authentication on a VLAN (vlan authentication) using Alcatel switch.

Best Regards,

Engel

258
Views
3
Helpful
4
Replies
CreatePlease login to create content