1974 Views | 0 Helpful | 4 Replies

VPN Design Issue

girish.sane (Level 1)

I am looking for a possible design solution to propose to a customer. He has an HQ and 10 remote offices/business partners. The remotes need to be connected to HQ and to the other remotes with VPN tunnels (IPsec 3DES). The way we want to implement this is:

1) All the remotes will have one and only one tunnel to the HQ router. If they want to talk to another remote it has to go through the HQ router. I know the Altiga boxes support the "router on a stick" topology but am not sure how to do it.

2) Since there are business partners involved in the design, there is no control over the IP addressing on their private networks. It could be that a remote office and a business partner have the same private IP address range. How does one make the VPN configs on Cisco routers / Altiga immune to this?

TIA

4 Replies

sajithnair (Level 1)

Assuming you are using 3000 series concentrators at both the HQ and the remote offices, then it's not possible to create a hub and spoke scenario. From each site you have to create a link to every other site you require to communicate with.

Also, if you are using Altiga boxes then each site requires a unique IP addressing scheme.

Thanks for the response. I had posed this question to a Cisco/Altiga guy and he said that this hub and spoke topology is supported by Altiga; I think they call it "SPLIT TUNNELING". Do you have any idea about that?

I had my fears about unique IP addressing schemes, but the scenario demands such a requirement. Do you know of any workarounds?

TIA

Split tunneling is something different. Suppose a remote user with a VPN client has connected to his corporate network and at the same time wants to browse the internet as well; it won't work, because all the packets are forwarded to the corporate network through the VPN tunnel. By enabling the split tunnel feature, he can remain connected to his corporate network through the tunnel and at the same time browse the internet.

You must have a unique IP addressing scheme. Maybe the designers at Cisco/Altiga should think about it and try to implement it in their software, as this is more of a necessity when creating extranets through VPN.

sajithnair (Level 1)

Using NAT you can connect two private networks having the same addressing. But I am not aware of how you can integrate NAT with VPN and get rid of the need for unique IP addressing.
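The two open questions in this thread, hub-and-spoke with spoke-to-spoke traffic relayed through HQ, and NAT combined with IPsec so that two sites with the same private range can still be tunnelled, can be solved together on Cisco IOS routers with crypto maps and static network NAT. The configuration below is an added example written for this thread; it is not something either participant posted, and every address, interface name, ACL number and the pre-shared key placeholder is assumed: HQ LAN 172.16.0.0/24 behind a hub router at 198.51.100.1, and two partner sites that both use 192.168.1.0/24, partner A's router at 203.0.113.1 and partner B's at 203.0.113.5. Each partner router statically translates its whole LAN to a unique range (10.10.1.0/24 for A, 10.10.2.0/24 for B) before the crypto map is evaluated, so the tunnels, the crypto ACLs and the hub only ever see unique addresses; the spokes reach each other because the hub's crypto ACLs also cover spoke-to-spoke traffic.

```cisco
! ---------- Partner A spoke router (assumed: LAN 192.168.1.0/24, WAN 203.0.113.1) ----------
! Partner B's router is configured the same way with its own WAN address (203.0.113.5),
! translating its identical 192.168.1.0/24 LAN to 10.10.2.0/24 instead of 10.10.1.0/24.
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
! Placeholder key; the hub is the only IKE peer a spoke needs.
crypto isakmp key REPLACE-WITH-REAL-PSK address 198.51.100.1
crypto ipsec transform-set TS3DES esp-3des esp-sha-hmac
!
! Present the whole LAN to the VPN as 10.10.1.0/24. IOS translates inside->outside
! packets before the crypto map is consulted, and translates outside->inside packets
! back after decryption, so the overlapping 192.168.1.x addresses never enter the tunnel.
ip nat inside source static network 192.168.1.0 10.10.1.0 /24
!
! Crypto ACL matches the TRANSLATED local range. Traffic for the other partner
! (10.10.2.0/24) is also sent to the hub; there is no direct spoke-to-spoke tunnel.
access-list 110 permit ip 10.10.1.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 110 permit ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255
!
crypto map HUB 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS3DES
 match address 110
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
 crypto map HUB
! Assumed upstream next hop; everything non-local leaves via the crypto-mapped interface.
ip route 0.0.0.0 0.0.0.0 203.0.113.2
!
! ---------- HQ hub router (assumed: LAN 172.16.0.0/24, WAN 198.51.100.1) ----------
! The hub needs no NAT of its own: it only ever sees the unique translated ranges.
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key REPLACE-WITH-REAL-PSK address 203.0.113.1
crypto isakmp key REPLACE-WITH-REAL-PSK address 203.0.113.5
crypto ipsec transform-set TS3DES esp-3des esp-sha-hmac
!
! One crypto ACL per spoke. Each also permits traffic sourced from the OTHER spoke,
! so a packet decrypted from one tunnel is re-encrypted into the other one
! (spoke-to-spoke via the hub, the "one tunnel per remote" requirement).
access-list 120 permit ip 172.16.0.0 0.0.0.255 10.10.1.0 0.0.0.255
access-list 120 permit ip 10.10.2.0 0.0.0.255 10.10.1.0 0.0.0.255
access-list 130 permit ip 172.16.0.0 0.0.0.255 10.10.2.0 0.0.0.255
access-list 130 permit ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255
!
crypto map SPOKES 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS3DES
 match address 120
crypto map SPOKES 20 ipsec-isakmp
 set peer 203.0.113.5
 set transform-set TS3DES
 match address 130
!
interface FastEthernet0/0
 ip address 172.16.0.1 255.255.255.0
interface Serial0/0
 ip address 198.51.100.1 255.255.255.252
 crypto map SPOKES
! Assumed upstream next hop; also carries the 10.10.x.x ranges toward the spokes.
ip route 0.0.0.0 0.0.0.0 198.51.100.2
```

With this in place, HQ hosts address partner A's machines as 10.10.1.x and partner B's as 10.10.2.x; a partner A host reaches HQ by its real 172.16.0.x address and partner B as 10.10.2.x, never by the overlapping 192.168.1.x. After bringing a tunnel up, `show crypto ipsec sa` on either side should show the translated ranges as the protected proxy identities, and `show ip nat translations` on a spoke should list the 192.168.1.x to 10.10.1.x mappings. Two caveats worth checking in a real deployment: the static network translation applies to all traffic leaving the inside interface, so it has to be reconciled with any internet PAT configured on the same router, and the hub must be allowed to send spoke-to-spoke packets back out the interface they arrived on.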