Solved: Short term VPN solution for europe

TroyBolton · ‎03-03-2020

Currently have an issue at the office, where the dev team(in Europe) needs to be able to work from home.

Now the company has a corporate vpn which we access via Cisco any-connect.

in europe they can only access the corp network from the office, but at home only their laptops can access the corp network since it carries anyconnect, but they essential need AP to be able to test their set top boxes, apple tv boxes and so forth.

So i've connected a home router directly to the laptop and then started anyconnect which is fine but once i try to share the hotspot from windows the option isn't allowed.

Is this due to a policy from Cisco annyconnect and is there a workaround as this is urgent.

Also in london we have 2 firewall boxes which are the termination points for the anyconnects, I was thinking maybe we should fire up another cisco asa firewall and create an ip-sec that the users from europe could get into, and once they have access they could share their connection over wiifi as long as they were using an Ethernet connection.

Any suggestions or solutions?

Thanks

Jaderson Pessoa · ‎03-03-2020

Hello my friend,

I dont know if i understood your doubt, but let me try.

Are you needing to connect your home users to your corp network using a vpn. Since it is only his own desktop/laptop, work fine, right? But you want connect also other devices like appletv and so on? Well.. think that it is not a vpn client-server.. it is a vpn site-to-site(can be IPSEC), since there are others devices(sourceS) needing access in your corp network.

In this case i agree with you, using a firewall box to provide security connection with your corporate network.

Jaderson Pessoa
*** Rate All Helpful Responses ***

View solution in original post

Jaderson Pessoa · ‎03-03-2020

Hello my friend,

I dont know if i understood your doubt, but let me try.

Are you needing to connect your home users to your corp network using a vpn. Since it is only his own desktop/laptop, work fine, right? But you want connect also other devices like appletv and so on? Well.. think that it is not a vpn client-server.. it is a vpn site-to-site(can be IPSEC), since there are others devices(sourceS) needing access in your corp network.

In this case i agree with you, using a firewall box to provide security connection with your corporate network.

Jaderson Pessoa
*** Rate All Helpful Responses ***

TroyBolton · ‎03-03-2020

Hi, thanks for your input, we ended up creating an IPSEC and from there they were able to gain access to the corp network,

Thanks again

Marvin Rhoads · ‎03-03-2020

The remote access SSL VPN (using Anyconnect) is designed to be used by a single client. If you need the client's entire local network to use VPN services then you need a site-site IPsec VPN terminating in a client router

Cristian Matei · ‎03-03-2020

Hi,

You have two options here:

- use site-to-site tunnels, so deploy a VPN gateway in the remote locations; afterwards control which host can send what traffic through the tunnel

- use the Office Extended Access Point feature, which i think will be better in your use case (traffic is tunnelled to the HQ via DTLS, you have both WiFi and Wired, can control what can go through the DTLS tunnel, can have multiple SSID's)

Regards,

Cristian Matei.