Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
766
Views
0
Helpful
2
Replies

VPN Concentrator network location in relation to router

jrogalski
Level 1
Level 1

‎05-22-2003 05:19 AM - edited ‎02-21-2020 12:33 PM

Hello,

we are currently running a VPN through the internet using IPSec tunnels (no GRE/IPSec yet). At our main office, we have a C3640 with one internet T1 and 30 tunnels to remote locations (static IPsec). Now, we are going to add a VPN 3000 series concentrator for remote access. I have been able to setup a VPN client connection to the 3640 from home using XP with the serial IP of the 3640 as my tunnel endpoint. It was suggested by our Cisco rep. to put one interface of the concentrator to our private IP ethernet LAN and the other to a seperate switch/network and same with the 3640 (one ethernet int. on our private LAN and the other ethernet interface on the new switch with the concentrator). Since the serial IP of the 3640 is the only internet routable IP address, I am confused as to what the tunnel endpoint for the VPN client's IPSec tunnel will be to connect to the VPN concentrator. I have been searching for some documentation that shows diagrams of the devices, but haven't found anything that will shed some light. Any thoughts or links would be greatly appreciated.

Thanks,

John.

Labels:
0 Helpful
2 Replies 2

drolemc
Level 6
Level 6

‎05-28-2003 10:51 AM

Normally, the network is designed such that the concentrator and another device (such as the PIX firewall) are parallel to each other and both forward their traffic to the networks Internet gateway, which is a router. All IPSec protected traffic is steered towards the Concentrator while all other unprotected/unreliable traffic passes through the firewall. You will ultimately use some varient of this setup and you will need additional IP's for that.

0 Helpful

jrogalski
Level 1
Level 1
In response to drolemc

‎05-28-2003 11:02 AM

We had to get a block of routable IPs from our ISP to create a DMZ where the VPN concentrator / VPN router will sit behind the T1 for the location (a 2620 will be used at the T1 to pass VPN traffic to either the VPN router or the VPN concentrator, depending on the destination IP). At first, we were trying this solution with only one internet routable IP...which seemed (and is probably) impossible. Thanks for the response and helping confirm what we need to do.

0 Helpful
Customers Also Viewed These Support Documents