cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
790
Views
0
Helpful
6
Replies

VPN design question

ngorenko
Level 1
Level 1

We have ASA 5500 as a VPN server, then we have several differnt clients:

- remote home users (ompanie's employees)  - we decided to use AnnyConect SSL VPN client

- partners  - clientless access to web-applications

- several offcies that aere "mobile" - here is my question "what kind of clinet is to use?"

"mobile" office is office that our company isntalls in differnet expositions. Each such office has router 8xx that should provide remote access for several PC and printer. Printer can not create VPN session, this is why we can not use SSL. What is the best VPN solution for such "mobile" office?

6 Replies 6

conmurph
Cisco Employee
Cisco Employee

Hi,

Could you setup a site to site VPN between the ASA and router that you have if it supports VPN tunnels? Here are some docs with more information and sample configurations.

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a9a7a3.shtml

http://www.cisco.com/en/US/docs/security/asa/asa82/getting_started/asa5500/quick/guide/sitvpn.html

Cheers,

Conor

Hi Conor,

Thank you for answer. I looked: both samples described site-to-site VPN with fix ip address as a tunnel end point. Is it exsit some possibility to make configuration for non-fix ip address at the remote site router?

If you have 800 brand routers (or any router for that matter) or Cisco ASA 5505's at your remote site I would recommend using EzVPN instead of site-to-site as using EzVPN will make your configs easier and will support dynamic addressing on your remote sites.

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html#anchor7

thank you for advices

conmurph
Cisco Employee
Cisco Employee

I don't have much knowledge about VPN's so hopefully one of the experts can add to this. From the following links it looks as though you can configure the remote side to have a dynamic IP while keeping the main site as a static IP.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800ae459.shtml

Cheers,

Conor

That would be one of the benefits of using EzVPN.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: