11-01-2002 08:20 AM - edited 02-21-2020 12:09 PM
I have a request from Fleet support users to open up UDP 500/10000 for IPSEC access from a bank's VPN dialer software (using Cisco VPN Client Software and SofToken II), to connect to this bank's VPN Concentrator. My question is: is there a way I can configure my local 3030 Concentrator so the user can log in locally to TxDOT's concentrator and connect to this bank's concentrator, so I will have better internal security? I haven't been able to talk with the bank's network person yet, but I'd assume they may hesitate to allow a LAN-LAN VPN connection.
Therefore, any suggestions on configurations on how to use my local Concentrator as a relay between the VPN client software and the bank's Concentrator? Any hints/tips/advice is greatly appreciated.
Brian Kalstad
11-01-2002 09:41 AM
Brian,
The clients that connect to your VPN 3000 must be assigned an IP in a network that is being tunneled across the L2L to the Bank VPN 3000.
So if your LAN-to-LAN is configured for Network Lists, then define the IP address pools, to hand out to the clients, from a network in the NetList.
This should work!!!
Nelson
11-01-2002 11:07 AM
OK, that helps, but if the bank is hesitant about doing the LAN-2-LAN VPN, is there a way I can "proxy" my 3030 as the client, and have my user log in to my Concentrator to connect to the bank? All the user does once the VPN is connected is TN3270 (port 23) to the bank's mainframe. Any ideas?
Brian Kalstad
01-15-2003 11:48 AM
I am afraid it is not possible, unless you have a LAN-LAN setup which can be used to route the traffic over to the bank's VPN3K.
Workaround:
The bank folks can lock down (if needed) the ports with which you connect via LAN-LAN and allow only TN3270 sessions through, while at the same time clients connecting to your VPN3K can also be restricted to be allowed only TN3270 traffic using a filter on the group.
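The two checks the replies describe, as an added example that is not part of the original thread and is not VPN 3000 configuration syntax: confirm that each client address pool sits inside a network carried by the LAN-to-LAN tunnel, and model a default-deny group filter that passes only TN3270 (TCP 23) to the mainframe. All addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
L2L_NETWORK_LIST = ["10.20.0.0/24", "10.20.8.0/22"]  # local networks tunneled over the LAN-to-LAN
CLIENT_POOLS = [("10.20.0.50", "10.20.0.99"),         # inside the network list
                ("10.30.0.10", "10.30.0.20")]         # outside it: would not be tunneled
MAINFRAME = ipaddress.ip_address("192.0.2.10")        # bank host (documentation address)
TN3270_PORT = 23


def pool_is_tunneled(start, end, network_list):
    """True if the whole pool range falls inside networks on the list.

    The range is split into CIDR blocks and each block must fit inside one
    listed network, so a pool that straddles an unlisted network fails.
    """
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if first > last:
        raise ValueError("pool start is above pool end")
    nets = [ipaddress.ip_network(n) for n in network_list]
    return all(any(block.subnet_of(net) for net in nets)
               for block in ipaddress.summarize_address_range(first, last))


def untunneled_pools(pools, network_list):
    """Pools whose clients would get addresses the tunnel does not carry."""
    return [p for p in pools if not pool_is_tunneled(p[0], p[1], network_list)]


def group_filter_permits(src, dst, proto, dport, pools):
    """Default-deny group filter: only pool clients to the mainframe on TCP 23."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    from_pool = any(ipaddress.ip_address(a) <= src <= ipaddress.ip_address(b)
                    for a, b in pools)
    return (from_pool and dst == MAINFRAME
            and proto == "tcp" and dport == TN3270_PORT)


if __name__ == "__main__":
    for pool in untunneled_pools(CLIENT_POOLS, L2L_NETWORK_LIST):
        print("pool not covered by the LAN-to-LAN network list:", pool)
    good = CLIENT_POOLS[:1]
    print(group_filter_permits("10.20.0.60", "192.0.2.10", "tcp", 23, good))
    print(group_filter_permits("10.20.0.60", "192.0.2.10", "tcp", 22, good))
```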