Security with Hub and Spoke VPNs - with Dynamic remotes
I am attempting to locate information regarding a VPN security feature and have been unsuccessful. Another vendor (Sonicwall) claims they already have this feature so I am hopeful of a Cisco equivalent.
HQ(static IP) --(Dynamic) Remotes x70
Cisco 3800 -------------Cisco 800
Presently we have the above hub and spoke working fine using a wildcard pre-shared key at the Head Office. We are looking for a method to retain this but add on another layer of security by somehow identifying the incoming remote VPN connection.
The goal is to have some way to uniquely identify the remote VPN firewall. This would enable us to individually secure each connection in addition to a single common key.
The Sonicwall feature uses an optional Identifiers field to set IDs that both units seem to share, above and beyond the general IPSec parameters.
Any help or suggestions would be appreciated, thanks.