Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
619
Views
0
Helpful
2
Replies

Passing traffic between two VPN devices within a LAN

citycu123
Level 1
Level 1

‎09-22-2012 12:20 PM

Hello....

I have a situation I need to get some input.

I have a vendor that currently uses a Cisco 871 as a VPN router in our company network, they use it connect to provide services to one of the servers in our LAN for our customers. Recently, we are going to be setting up a 24/7 call center with this vendor, they will be accessing a server in our network through the VPN to provide customer service during after hour periods.

We have a problem however, with an application that is hosted by another vendor that is critical for our regular company call center. Access is reached with this application through this vendor by way of IPSec VPN tunnel that is built in our company's Cisco ASA 5510. This application is accessed via Internet Explorer that goes across to access the application at the endpoint

I need to figure a way by which the vendor that will be running the 24/7 call center coming through their tunnel in our network to connect over to the tunnel on the vendor on my ASA. Im likely going to have to set some routing of traffic in my internal default gateway router for this to work.

Suggestions?

Labels:
0 Helpful
2 Replies 2

hobbe
Level 7
Level 7

‎09-22-2012 01:36 PM

Hi

It is simple

You do not connect anything to anyone without the concent of all parties involved.

If I was the party that you where connecting to and you connected a third party without concent from my company and i found out, I would make sure that heads would roll and trust me a lawsuit would not be far away.

When you have the concent of all parties and all involved are in on the plan, then it is all up to how the application works.

Since we do not know that I can just give some general views.

you can use a jumpstation on your network that the 24/7 group can connect to, and thus gain access to the application

or

if the application uses a specific port and supports this, then you can setup a relay station in your network that forwards the traffic to the application server.

or

You can setup nat (a static) in your firewall so that when someone connects to a specific adress they will forwarded to the application ip address.

or

the 24/7 company can setup their own connection to the Application company.

just some examples that are possible, but it all comes down to how the application works.

Good luck

Hope This Helps

0 Helpful

citycu123
Level 1
Level 1
In response to hobbe

‎09-22-2012 04:06 PM

Hobbe,

Thanks for the input.

The problem is that the vendor hosting the application through my ASA will not allow third party access to its application, which rules our the vendors themselves communicating via a VPN. (Which to me would be the logical solution)  I agree it is a legal problem, but that is something our executive management will have to iron out.

My only solution at this point logically seems to be a jumpstation in our network for the 24/7 call center vendor.

I think the jumpstation is the best option, but then again it comes down a legal matter.

0 Helpful
Customers Also Viewed These Support Documents