VPN Clients and Dynamic Addressing Configs

cesch
Level 1

Hello All,

We are trying to configure VPN for our mobile users and for our facility in the Dominican Republic. The Unit in the DR only has v.34 dialup through a local ISP as ISDN and other Leased Line options are unbelievably expensive there (broadband is still a pipe dream).

Currently, our remote users are dialing-in to a RAS (16-port modem module) on our Cisco 3640 which is the base router in our Corporate LAN/WAN (serving Frame Relay links to other Corporate Divisions in the US). A RAS session from the DR over long-distance POTS is very unreliable and generally retrains down to 9600 if it connects at all. Not to mention $3.20 just for each handshake to try! We are working with the ISP in the DR to allow multipoint connections to boost throughput to the Internet for this client.

We intend to deploy Cisco Secure VPN Client v1.1 on our DR client (running Win98SE) and other mobile users outside our local calling area.

After having gone through most (if not all) of Cisco's documentation on the subject, we have not found a suitable router configuration example that fits our requirements. ConfigMaker 2.5 will only address router-to-router VPN with static addresses.

At the most, we will need to support 24 concurrent VPN sessions and all from ISPs with dynamic addressing, including the ISP in the DR.

Here is what our network looks like:

We have a Cisco 1720 with VPN module on a T1 Leased Line connection to the Internet. The 1720 is running NAT/Firewall and E0 is connected to the Corporate LAN/WAN. There is an NT4.0 box running MS Proxy Server 2.0 for centralized access to the Internet. The Proxy IS NOT running as a firewall and has an INSIDE SOURCE STATIC address assigned. There are two other resources on the Corporate LAN that are assigned INSIDE SOURCE STATIC addresses as well. The 1720 access lists have been configured for the specific services on these resources. All this has been working very well and our local RAS users enjoy being able to pop out to the Internet over their dialup connections.

There are 8 subnets on our LAN/WAN in Class A (private) address space.

I have reserved 24 addresses from the local subnet as a pool for dynamic VPN NATing.

What I would like to see is a 1720 router config that is:

VPN Client (dynamic address) ---> [INTERNET] ---> Router (In on Serial Interface, Mode-config, Wild-card Pre-shared Key with NAT) ---> Corporate LAN/WAN (via Ethernet Interface)

This seems like it should be a very common configuration for Cisco VPN networking but I haven't been able to find any examples that exactly fit this scenario.

Please give me your thoughts on this.

Thanking All in advance, I remain,

Sincerely Yours,

Chuck

2 Replies

Bob,

Thanks for your reply. The examples you cite still don't address required protocols on Serial interface via Extended Access List nor do they take into account non-static sources.

I don't want to use the dreaded "any" unless I can tie it to some protocol that encompasses only the VPN tunnels allowed by my secret.

Thanks Again,

Chuck