I have a request from a client that requires a LAN2LAN (3005 to 3005), but he wishes the 3005 that is at the host site to authenticate each user from the remote site. I'm looking at the documentation, but really don't see anything that quite fits.
This is a vendor of my client and the vendor could have up to 40 people needing access at any given time. We suggested using a VPN client, but deployment would be a HUGE issue.
LAN2LAN is the best route, however we need to know WHO is accessing the network.
The only other way would be to limit IP addresses that could connect into the host site 3005, but still doesn't tell us who is connecting, but rather who can connect.
I think the best route for you to take is to establish a tunnel between a 3002 and a concentrator (3005). This will give you individual user authentication on the concentrator.
Please consult the following sample config:
Thanks for the info. Unfortunately, both sides have 3005 installed.
Is there another way using the hardware currently installed?
Thanks in advance,
If this feature is not implemented, is Cisco considering implementing "Individual User Authentication" for a LAN-to-LAN connection? Any info on the road-map?
I think there will be a big market, with demand from customers to implement this kind of solution. Right now we have implemented several projects using a similar solution (but not on an IPSec tunnel) with individual user authentication on a VLAN (VLAN authentication) using an Alcatel switch.