02-10-2011 01:41 PM
It's been several years since I set up non-DMVPN IPSEC VPNs. At the time it was Pix 515s. If I remember correctly, I could set up either a site-to-site vpn (in which phase I and phase II specs were entered, PSK, etc.) or a remote-user vpn (where the above would be set up along with XAUTH for user credentials, and, I believe, security group settings for different users). This is before DMVPN, which simplified a lot of it.
In any case, now I have a colleague who has purchased a RVS4000 for the purpose of configuring a site-to-site vpn with BeeVPN, a site that allows him to circumvent his ISP's monitoring. When he asked BeeVPN for specs on how to set up his RVS4000 as an IPSEC termination point for a site-to-site vpn, they responded with instructions to enter his username and password as well as Group name. Does this make any sense? Shouldn't a peer address, encryption/auth/Diffie-Hellman, etc. settings and PSK be all that is needed for a site-to-site vpn?
By the way, I realize he may have another issue with his dynamic ip address. But I was hoping I could first get some help on the basics.
Thanks very much
02-10-2011 01:58 PM
Hello my friend. If I am not wrong the technology used by BeeVPN is called SSL VPN or WEBVPN. It runs over https.
I assume your colleague's device is able to be used as a WEB VPN client. This type of VPN gets configured on an ASA or Router for example and the user just needs to know the IP, username and password.
I hope this helps.
02-10-2011 02:22 PM
You are correct, sir. BeeVPN supports DTLS/SSL (AnyConnect) vpns. In fact, I currently have AnyConnect set up on an ASA here. But the reason he wants to terminate the vpn on a router/firewall is that he wants only MOST of his traffic insulated by BeeVPN. He also wants to launch a traditional IPSEC vpn when connecting to the office here, only a few blocks from his house.
My thought was that we'd set up ACLs on the router to select which traffic gets sent over which tunnel. All traffic destined for the work location would be routed over one tunnel, while everything else would go through BeeVPN.
02-10-2011 02:45 PM
I believe that router supports multiple site-to-site vpn tunnels. He should be able to configure different VPNs and define the interesting traffic for each VPN.
02-11-2011 08:08 AM
So am I correct in recalling that there is no need for user credentials and vpn group name (not Diffie-Hellman group) in a site-to-site tunnel?
02-11-2011 08:15 AM
You are correct.
02-11-2011 08:28 AM
Thank you.