VPN options

hsnanua2011 · ‎08-15-2011

Dear all,

This is a question that has either many or no options....

Here is the situation: Please do refer to the attachment.

We have a Proserve HP router, which is on top of the network. This router does not perform NAT. The router connects to the internet and to the switch, also HP switch. The switch connects to the VPN router and the load balancers. The load balancers are the ones that do the NAT, using Linux.

OK, say i need to make a VPN from the VPN router to an external client. I would make a simple site to site VPN, using Ipsec (since the VPN router is actually a ASA FW). the question comes: besides IpSec, are there any other options, whcih are as good as Ipsec? I tried PPTP, SSL but they have their flaws...

I am trying to re-do the whole network, to ensure that a VPN is possible, as there was an expert who said it is impossible to create a VPN with a Public IP address. I am not so sure why he said it is not possible.

Do assist.

Thanks

Jennifer Halim · ‎08-15-2011

If you are trying to establish a VPN tunnel between your ASA FW and external client gateway, then the only possible option is to create Site-to-Site IPSec tunnel as you have advised.

PPTP, and SSL are both remote access client solution, not gateway to gateway (or site-to-site solution). Both PPTP and SSL VPN you would need to connect from the PC towards the external client gateway, and you won't be able to use the ASA FW to terminate those VPN.

In regards to "impossible to create a VPN with a Public IP Address", I am not quite sure what it means as the reason why we create a VPN tunnel is normally because it's via the Internet, and when you are routing traffic on the Internet, you would need to have public IP Address. So the statement of "impossible to create a VPN with a Public IP Address" is completely incorrect.