Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
227
Views
0
Helpful
2
Replies

3002 VPN in parallel with a campus router

dsprunger
Level 1
Level 1

‎10-20-2003 11:58 AM - edited ‎02-21-2020 12:49 PM

In Indiana Univ’s multi-campus network, we have placed filters at the Internet edge. Purdue Univ. has campuses on both side of this filter. PU wants to place a 3002 VPN Hdw Client on my South Bend campus to communicate back to the main campus. However, they do not want all of the workstation to have to communicate through the VPN.

So, the network would look something like this:

PU SB-|-Lcl Rtr--IU rtrs--Int--PU Edge Rtr-|-PU Net

| | | |

|-3002 VPN Main VPN---|

At first, I was hoping to be able to place both interfaces on the same subnet; but, I’m reading that it is not possible.

To get only PU SB to PU Main Campus traffic to route via the VPN and all other PU SB traffic to not; will I need to program the IU Local Router to permit selected PU SB traffic? Also, wouldn’t the VPN need to be configured to block general Internet traffic from passing via the VPN, especially traffic that would have to return to an IU campus?

I think PU has two concerns: <1> prevent some traffic from having to cross the IU filter twice. And, <2> overload the VPN with general Internet traffic.

Right now, PU has some workstations that have VPN client configurations for both the IU system and the PU system. They are looking for a solution to eliminate the juggling between VPN sessions and regain access to resources that the latest security measures that IU has setup has blocked.

In conclusion, is it possible to have a 3002 VPN touch two subnets that go into the same router with filter established on both the 3002 and the router to control the traffic flow?

Dan Sprunger

Labels:
0 Helpful
2 Replies 2

Not applicable

‎10-28-2003 02:51 PM

Dan,

I am not sure if I understand your last statement. Do you mean to terminate both ends of the VPN on the same router? As far as my little knowledge on VPN goes, this looks strange to me.

0 Helpful

dsprunger
Level 1
Level 1
In response to

‎10-28-2003 03:22 PM

Your right, it appears to be a bit strange; but that is what we have to start with.

We have a central (cat5k-rsm) router on our campus in IU South Bend. I have control over the filters on this router.

One subnet of the cental router leads to a router connected via a DS3 to a router at our Indy campus, where we have our access to the Internet. For IU's protection, filters are in placed at the edge routers to the Internet. I have no control over this filter.

On another subnet off the central router, we have a group that needs to punch a hole through the Internet filter to get to their colleagues. So, the Cisco 3002 VPN sounds like a solution with one criteria. They only want the traffic that must go to their colleagues to pass through the VPN.

So, we have a subnet on the central router with one side of the VPN attached. The other side of the VPN must get attached somewhere on our small network on another subnet, because the single DS3 would be handling both the encapsulation VPN packets and all the rest of the campus traffic.

So, to get this to work, I'll need to block packets distance for the VPN from passing through the central router without first being encapsulated by the VPN.

On VPN packets coming to our campus, I would think that I have less of a problem, since the central router would send it to the VPN first.

I know this was long; but I hope it helps.

dts

0 Helpful
Customers Also Viewed These Support Documents