
Incoming connection to a laptop through an established VPN link

blepiolot
Level 1

Hello,

I would like to know if the following scenario is possible:

- The laptop establishes a VPN tunnel using the Cisco VPN client to a Cisco VPN gateway at site A.

- The laptop is running an SSH server (for instance).

- Is it possible to connect to the laptop using SSH from a computer at site A (through the IPSec tunnel)?

I know that it is feasible with a gateway-to-gateway VPN connection, but is it feasible with a client-to-gateway connection?

Thanks in advance.

Regards,

Bertrand.

3 Replies

owillins
Level 6

The scenario you explained is possible. The only thing is that SSH Version 1 is implemented in the Cisco IOS software.

ehirsel
Level 6

Yes, it is possible to run outbound connections to VPN clients. Not only does the VPN gateway have to allow those outbound connections on the local-LAN link that unencrypted packets pass, but the Cisco VPN client cannot be running the stateful firewall in active mode. A check mark will appear by the stateful firewall option in the VPN options if it is active.

Note that unless that client will always get assigned the same IP address, you would have to configure the gateway to allow outbound connections to the pool, since it won't know beforehand which client is running the SSH service. So there is a security risk, but it can be accomplished.

You do not need to run SSH on the VPN gateway since the SSH is an end-to-end session between the VPN client and an internal network host.

Let me know if you need more help.

Thanks a lot.

You replied to my question.

Regards,

Bertrand
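
To make the trade-off in ehirsel's reply concrete, the following added example (not part of the thread, and not Cisco configuration syntax) models gateway rules as simple tuples with first-match evaluation and lists which VPN pool addresses site A can reach on TCP/22. The networks, the rule format and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread)
VPN_POOL = ipaddress.ip_network("10.99.0.0/28")   # addresses handed to VPN clients

def rule(action, src, dst, port):
    """Hypothetical rule: action, source CIDR, destination CIDR, TCP port."""
    return (action, ipaddress.ip_network(src), ipaddress.ip_network(dst), port)

def first_match(rules, src, dst, port):
    """Action of the first rule matching the flow; implicit deny otherwise."""
    for action, rsrc, rdst, rport in rules:
        if src in rsrc and dst in rdst and rport == port:
            return action
    return "deny"

def reachable_clients(rules, src_host, pool, port=22):
    """Pool addresses that src_host may open a TCP connection to on `port`."""
    src = ipaddress.ip_address(src_host)
    return [str(h) for h in pool.hosts()
            if first_match(rules, src, h, port) == "permit"]

def pool_wide_rules(rules, pool):
    """Permit rules whose destination covers more than one pool address."""
    return [r for r in rules
            if r[0] == "permit" and r[2].overlaps(pool) and r[2].num_addresses > 1]

# Dynamic assignment: the gateway cannot know which address the SSH laptop
# will get, so the rule has to cover the whole pool.
POOL_WIDE = [rule("permit", "10.1.0.0/24", "10.99.0.0/28", 22)]

# Fixed assignment: the laptop always receives 10.99.0.5 (constructed value),
# so the rule can name that single address.
FIXED = [rule("permit", "10.1.0.0/24", "10.99.0.5/32", 22)]

if __name__ == "__main__":
    for name, rules in (("pool-wide", POOL_WIDE), ("fixed", FIXED)):
        hosts = reachable_clients(rules, "10.1.0.50", VPN_POOL)
        print(f"{name}: {len(hosts)} client address(es) reachable on tcp/22; "
              f"{len(pool_wide_rules(rules, VPN_POOL))} pool-wide rule(s)")
```

With the pool-wide rule every connected client is reachable on TCP/22, not only the laptop running the SSH server, which is the risk the reply points out.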