Passing traffic between two VPN devices within a LAN
I have a situation I need to get some input on.
I have a vendor that currently uses a Cisco 871 as a VPN router in our company network; they use it to connect to provide services to one of the servers in our LAN for our customers. Recently, we are going to be setting up a 24/7 call center with this vendor; they will be accessing a server in our network through the VPN to provide customer service during after-hours periods.
We have a problem, however, with an application that is hosted by another vendor that is critical for our regular company call center. Access is reached with this application through this vendor by way of an IPSec VPN tunnel that is built in our company's Cisco ASA 5510. This application is accessed via Internet Explorer that goes across to access the application at the endpoint.
I need to figure out a way for the vendor that will be running the 24/7 call center, coming through their tunnel in our network, to connect over to the tunnel of the vendor on my ASA. I'm likely going to have to set some routing of traffic in my internal default gateway router for this to work.
You do not connect anything to anyone without the consent of all parties involved.
If I was the party that you were connecting to and you connected a third party without consent from my company and I found out, I would make sure that heads would roll, and trust me, a lawsuit would not be far away.
When you have the consent of all parties and all involved are in on the plan, then it is all up to how the application works.
Since we do not know that, I can just give some general views.
You can use a jumpstation on your network that the 24/7 group can connect to, and thus gain access to the application.
If the application uses a specific port and supports this, then you can set up a relay station in your network that forwards the traffic to the application server.
You can set up NAT (a static) in your firewall so that when someone connects to a specific address they will be forwarded to the application IP address.
The 24/7 company can set up their own connection to the application company.
Just some examples that are possible, but it all comes down to how the application works.
The problem is that the vendor hosting the application through my ASA will not allow third-party access to its application, which rules out the vendors themselves communicating via a VPN. (Which to me would be the logical solution.) I agree it is a legal problem, but that is something our executive management will have to iron out.
My only solution at this point logically seems to be a jumpstation in our network for the 24/7 call center vendor.
I think the jumpstation is the best option, but then again it comes down to a legal matter.