Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1344
Views
0
Helpful
5
Replies

Designing and implimenting a new VPN

rmaciel
Level 1
Level 1

‎09-05-2000 12:06 PM - edited ‎02-21-2020 11:14 AM

Hello,

I have been assigned the task of deploying a VPN for our company. To be honest with you I know very little about VPN's and have been doing some research to try to get up to speed. We have a Cat 5000 connected to a 7200 which connects to our pix, then the pix connects to a 2500 which goes out of a csu an connects to a local ISP. I need to connect 12 different sites through the VPN. I looked into an Altiga C30 and C60 but found out that they were used for remote users. I'm actually looking to go from LAN to LAN. What would you recommend for hardware and what would be the best way to config this?

Labels:
0 Helpful
5 Replies 5

bwalchez
Level 4
Level 4

‎09-06-2000 01:52 PM

We usually go with 2 Cisco routers running IPSEC VPN software for site-to-site VPN's but often our customers need firewalling capabilities as well. In those cases we either get the IOS firewall feature set for the routers too or we use PIX firewalls.

or

We use a router at one site and a PIX at the headquarters. We also use VPN client software on some of the sales peoples notebooks.

Works great!!!

0 Helpful

shabib.syed
Level 1
Level 1
In response to bwalchez

‎10-02-2000 09:02 AM

Well I have the same task to implement a VPN, what i design was using a 3620 connected to the outside interface to PIX 515 whose inside interface is connected to the backbone switch. Now my remote clients will be runniing VPN client software. Right now I have only one Full T1, but i might need to increase my bandwidth since i will have some remote offices. I know 3620 is not that scalable but what i need to know is about the PIX 515. Now i have not really grasp the concept of concentrators. With not more then 150 remote users will this implementation work? And even if I have 2 more Full T1 i can continue with 3620? My other question is for remote offices, can I use DSL there so that they dont use my netowrk bandwidth for internet, but only to use internal resources.

0 Helpful

bob.short
Level 1
Level 1

‎09-07-2000 02:18 PM

You'll want to check with your Cisco reseller to get a design recommendation that is appropriate for your specific needs. They have design experts qualified to answer your questions.

Do any other community members have suggestions on what is working well in your environments?

0 Helpful

wballinger
Level 1
Level 1

‎09-14-2000 09:00 PM

The VPN 3000 Concentrator (formerly Altiga) series works great for LAN-to-LAN and remote users VPNs. Currently have multiple 3000 units performing both functions. The boxes are easy to configure.

You can also terminate your LAN-to-LAN VPNs into the PIX or a host router at the main site. During initial rollout I had about 3-5 sites terminating into a 3640. Obviously with the 3640 scalability was an issue, but it does work.

Overall I think that the best solution for the main site would be the VPN 3000 unit and use the appropriate router at the remote site, dependent on encrypted throughput requirements.

0 Helpful

fkitunga
Level 1
Level 1

‎09-16-2000 06:53 AM

First you need so set your LAN ip address to a true Internet IP (consult the local ISP),

Ensure that the boxes have a SSL running on them

Create a gateway from the LAN to the VPN thro your ISP for enabling connetion between the LAN,

Fix the remote gateway in all the LAN boxes,With your local ISP assistance

0 Helpful
Customers Also Viewed These Support Documents