Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k

Connect to IPSEC network over VPN

Hello there,

I have a question regarding IPSEC.

At our company we have a Windows server that can only communicate using IPSEC. It has IPSEC enabled with Kerberos as authentication method. Only one department is using that server. There are a lot of confidential files on that server. The members of that department also need acces to those files from their homes. Our company supplies a VPN method to all of its employees. I have tried to connect to that server from home over the VPN conenction but without succes. My XP client is able to communicate IPSEC. Is it possible to make such an IPSEC connection through a VPN tunnel? And if yes, do I need special CISCO equipment for it?

Kind regards,

Rafael.

Everyone's tags (1)
3 REPLIES

Re: Connect to IPSEC network over VPN

Hi,

If you want to connect using IPsec from a windows machine to a windows server then the answer is yes (if going through the Internet, the server requieres a public IP).

It is an L2TP/IPsec connection.


Federico.

Re: Connect to IPSEC network over VPN

Hi Federico,

Many thanks for your reply. The situation is as follows:

At home I connect with a Windows XP machine to the CISCO VPN concentrator on the public Internet. This concentrator then provides me acces to the servers on the internal (no public addresses) network. I can connect to servers without the IPSEC require rule, but not to IPSEC require servers. Is making an IPSEC connection possible in this situation without having a public address no my server? And if yes, what type of CISCO device do I need?

Kind regards,

Rafael.

Re: Connect to IPSEC network over VPN

Interesting...

So you can VPN to the Concentrator using IPsec (that's fine).

Then.. you need to access an internal server using IPsec.

The problem that I see is that to connect using IPsec you should establish a tunnel.

You cannot establish an IPsec connection directly to the internal server if it does not have a public IP or if the concentrator does not redirect the IPsec connections to the internal server.

As a test can you do the following...

Connect using IPsec to the concentrator (now you have access to the internal LAN).

Get access to an internal machine or server (via RDP perhaps), and then create the IPsec connection to the server in question.

Federico.

541
Views
0
Helpful
3
Replies
CreatePlease to create content