Newbie Question regarding VPN, NAT, remote VPN setup

Discussion in 'Cisco' started by brad, Jun 15, 2007.

  1. brad

    brad Guest

    Group,

    I apologize in advance for not knowing more about this stuff.

    But our company has 3 locations, all running Windows XP, a static IP
    address for each, and each has a Cisco 1700 series router. There are
    currently VPN tunnels set up so that each office can access the other.

    This setup was created by a network consultant, who is no longer in
    the picture.

    I need to change the setup so a remote user, hopefully using the CISCO
    VPN 4.6 client software can connect to one of the three external IP
    addresses, and connect through to the internal network, hopefully with
    some authentication/password prompting.

    I'm tempted to ask what I should do now at this point, but I will
    ask: where can I look to learn how to do this? What terminology
    should I be using?

    My instinct tells me this should be super easy because everybody does
    it, but I can't understand what needs to be done from the router help
    files alone.

    Is authentication handled at the router?
    Is there separate server software that needs to run on an actual
    windows box or domain server?
    Once a connection and NAT to an internal address is established, what
    next? How do I restrict access via Windows login?

    Thanks in advance and please direct me to the appropriate place if
    this is the wrong forum for this sort of topic,

    Brad
     
    brad, Jun 15, 2007
    #1

  2. brad

    Chad Mahoney Guest

    No problem, people post in NGs to get help, welcome!
    Sounds good
    Easy enough
    You would be connecting to the router using an IPsec VPN; this VPN is
    encrypted and very secure. It is not uncommon. Go to the Cisco website,
    click on support and look through the documentation, and take a read at this:

    http://cisco.com/en/US/products/hw/routers/ps221/prod_configuration_guide09186a008007cfa7.html
    I would not say easy, but once you get the hang of it, it becomes easier :)
    Could be, or you can pass authentication off to an internal RADIUS server
    such as Windows IAS or a *NIX platform.
    Does not need to be; you can create user accounts on the router itself,
    but people find it easier using the same password as their login to the
    network.
    You create a pool of IP addresses that the clients are given when they
    connect. There does not need to be any NAT as the IP pool is local to
    the network, in most cases; I would have to see how your network is defined.

    What you need to ensure is that the IOS version you are running supports
    VPN. I cannot tell you what IOS version that would be, but you will
    need to ensure the router is running it.


    HTH,

    Chad
     
    Chad Mahoney, Jun 15, 2007
    #2
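
The pieces described in the reply above (user accounts on the router or RADIUS, a client address pool, no NAT toward that pool), sketched as an IOS Easy VPN Server configuration. This is an added example, not part of the original thread: the group and list names, ACL numbers, WAN interface, addresses and keys are assumed placeholders, and the commands require an IOS image with the crypto feature set.

```cisco
! Constructed example. Assumed: office LAN 10.1.1.0/24, client pool
! 10.1.250.0/24, WAN interface FastEthernet0, existing crypto map OFFICE-MAP.
aaa new-model
! Users defined on the router; for RADIUS (e.g. Windows IAS) use
! "group radius local" here and define the RADIUS server separately.
aaa authentication login VPN-XAUTH local
aaa authorization network VPN-GROUP local
username brad secret <USER-PASSWORD>
!
! Existing office-to-office peers must not be prompted for a user login.
crypto isakmp key <SITE-KEY> address <PEER-OFFICE-IP> no-xauth
!
crypto isakmp policy 20
 encr aes
 hash sha
 authentication pre-share
 group 2
!
! Group name and key are what the user types into the VPN client profile.
crypto isakmp client configuration group REMOTE-USERS
 key <GROUP-KEY>
 pool VPN-POOL
 acl 150
!
ip local pool VPN-POOL 10.1.250.10 10.1.250.50
! Split tunnel: only traffic for the office LAN is sent through the VPN.
access-list 150 permit ip 10.1.1.0 0.0.0.255 any
!
crypto ipsec transform-set CLIENT-TS esp-aes esp-sha-hmac
crypto dynamic-map CLIENT-DYN 10
 set transform-set CLIENT-TS
 reverse-route
!
! Appended to the crypto map already on the WAN interface, after the
! site-to-site entries, so the fixed tunnels keep matching first.
crypto map OFFICE-MAP client authentication list VPN-XAUTH
crypto map OFFICE-MAP isakmp authorization list VPN-GROUP
crypto map OFFICE-MAP client configuration address respond
crypto map OFFICE-MAP 65000 ipsec-isakmp dynamic CLIENT-DYN
!
! LAN-to-client traffic is exempted from the Internet NAT overload rule.
access-list 101 deny   ip 10.1.1.0 0.0.0.255 10.1.250.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
ip nat inside source list 101 interface FastEthernet0 overload
```

The client receives its 10.x address from the pool inside the tunnel, so the only NAT change is the exemption at the end; `show crypto isakmp sa` and `show crypto ipsec sa` confirm that a client session has come up.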

  3. brad

    brad Guest

    Thanks Chad, that was a step in the right direction.

    We don't have the VPN Series 3000 concentrator mentioned in the
    documentation, but there appears to be a simultaneous client/server
    setup that may work for us.

    Regarding NAT, our 3 external fixed IPs are something like 69.x.x.x
    and all of the internal ones 10.x.x.x. I thought NAT had to map the
    incoming 69 packets to the destination 10 packets and vice versa for
    outward bound packets.

    My simplified use case is this:
    Brad takes train to Chicago, loses thumbdrive containing important
    files in the seats
    Stops at Starbucks or McDonald's and connects to big-bad-internet
    Turns on wireless adapter radio and fires up CISCO VPN client .exe
    Points it to one of the 69 addresses at one of our offices (ideally
    would like to choose ANY).
    A CISCO 1700 miracle happens and suddenly I'm a 10.x.x.x address
    Brad drags and drops important files to laptop, slams an Egg McMuffin
    and is back on track.

    Anyway, thanks again, I see there is also a website in the easyvpn doc
    file that has some configuration examples.

    Brad
     
    brad, Jun 15, 2007
    #3