Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
511
Views
10
Helpful
4
Replies

VPN Questions from a complete noob..

Go to solution
Tristyn_Wyat
Level 1
Level 1

‎03-30-2020 10:12 AM

I'll start by saying I have next to no experience with VPNs, aside from connecting to them from time-to-time.

 

We're looking at purchasing/setting up a VPN for remote access and I had a couple of questions. We'll probably only start w/ 20-30 users connecting, but that will steadily increase over time, with no idea of where we'll max out at.

 

1)  Do I need a concentrator? From what I've researched, they seem made more for large numbers of people connecting at a time.  Any suggestions on good ones for, lets say 200 max, users (if i need one)?

 

2) With VPN connections, is it possible to map a specific user logging in to a specific IP address/subnet on the inside network? Or would I need to setup multiple VPN connections and have users connect to whichever maps to the network that I want them in?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎03-30-2020 10:23 AM - edited ‎03-30-2020 10:35 AM

Hi,

No you don't necessarily need to have a dedicated VPN concentrator, large organsiations do for separation of roles rather than have one device do everything, this helps reduce complexity.

 

You can purchase the Cisco Firepower 1000 series firewalls, datasheet here. The FP1010 model support maximum 75 VPN peers, the 1020 model supports 150 VPN peers and the 1040 supports up to 400 VPN peers. You should purchase based on your maximum connections, so you might need to purchase the 1040

 

To assign a static IP address to users if you use LDAP to authenticate you can follow this guide, or alternatively if you use RADIUS follow this guide.

 

HTH

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎03-30-2020 10:23 AM - edited ‎03-30-2020 10:35 AM

Hi,

No you don't necessarily need to have a dedicated VPN concentrator, large organsiations do for separation of roles rather than have one device do everything, this helps reduce complexity.

 

You can purchase the Cisco Firepower 1000 series firewalls, datasheet here. The FP1010 model support maximum 75 VPN peers, the 1020 model supports 150 VPN peers and the 1040 supports up to 400 VPN peers. You should purchase based on your maximum connections, so you might need to purchase the 1040

 

To assign a static IP address to users if you use LDAP to authenticate you can follow this guide, or alternatively if you use RADIUS follow this guide.

 

HTH

Go to solution
Tristyn_Wyat
Level 1
Level 1
In response to Rob Ingram

‎03-30-2020 10:36 AM

@Rob Ingram Do they allow multiple pools on the inside with different subnets? ie, 192.168.15.0/24, 192.168.25.0/24?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Tristyn_Wyat

‎03-30-2020 10:38 AM

Yes, you can have multiple VPN pools or you can even use DHCP, this can be configured statically or dynamically via RADIUS.

HTH

Go to solution
Tristyn_Wyat
Level 1
Level 1
In response to Rob Ingram

‎03-30-2020 10:40 AM

Thanks! You're great, and thanks for answering my total noob question. Much appreciated.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents