
Authenticating Users for a LAN2LAN IPSec tunnel

mkoponick
Level 1

Hello,

I have a request from a client that requires a LAN2LAN (3005 to 3005), but he wishes the 3005 that is at the host site to authenticate each user from the remote site. I'm looking at the documentation, but really don't see anything that quite fits.

This is a vendor of my client and the vendor could have up to 40 people needing access at any given time. We suggested using a VPN client, but deployment would be a HUGE issue.

LAN2LAN is the best route, however we need to know WHO is accessing the network.

The only other way would be to limit IP addresses that could connect into the host site 3005, but still doesn't tell us who is connecting, but rather who can connect.

Suggestions?

Thanks!

Mike

4 Replies

jfrahim
Level 5

Hi Mike,

I think the best route for you to take is to establish a tunnel between a 3002 and a concentrator (3005). This will give you individual user authentication on the concentrator.

Please consult the following sample config:

http://www.cisco.com/warp/customer/471/vpn3002-ind-usr-auth.html

Jazib

Jazib,

Thanks for the info. Unfortunately, both sides have 3005 installed.

Is there another way using the hardware currently installed?

Thanks in advance,

Mike

Hi there,

That was the only option that I could think of.

Jazib

Dear Jazib,

If this feature is not implemented, is Cisco considering implementing "Individual User Authentication" for a LAN-to-LAN connection? Any info on the roadmap?

I think there will be a big market, with demand from customers to implement this kind of solution. Right now we have implemented several projects using a similar solution (but not on an IPSec tunnel) with individual user authentication on a VLAN (VLAN authentication) using an Alcatel switch.

Best Regards,

Engel
