Solved

Community LAN VPN issue

Posted on 2003-03-28
Last Modified: 2010-04-12
Our small condo has a shared T-1 line. It was practically free because we put the administrative phone lines on the T-1 line using Voice over IP. The nice thing is we get to use the bandwidth for internet when the phone lines are not in use. A Cisco IAD2400 serves as the router and DHCP server. The router connects to a series of BayStack managed switches. The access so far has been great, but recently someone started experimenting with an AT&T VPN client to connect to their office with little success.

So far, we have tried setting up a static IP inside the router and opening up ports specified by the employer's IT dept.

We do have the option to add public IP addresses to the router.

I am trying to think ahead to the day when several users are attempting to use VPN at the same time.

Question: What would be the best way to allow multiple users to access different VPN servers from inside our community LAN?
Question by:1stinlastout
LVL 79

Expert Comment

by:lrmoore
ID: 8229466
There are so many variations on VPNs that it is difficult to come up with a single solution. Many times NAT will break it, and different setups require different ports, and trying to do one-one NAT for everyone may not be the easiest solution. If you have enough public IP addresses, the simplest solution would be to simply use public addresses.
0
 

Author Comment

by:1stinlastout
ID: 8231269
I can get the IP addresses, but I was hoping to use a second VPN router/gateway to pass the VPN off to each user as needed. IP addresses are getting more difficult to get as we have to fill out an ARIN justification form and then wait at least three days to get a block of IPs. If someone visiting needs to VPN we could run short. On the other hand we could get more than we need and just sit on them. Seems like a waste of cyberspace.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8232872
Without doing one-one NAT, or assigning public addresses without using NAT, it would be very difficult to support all the different types of VPN. MS PPTP absolutely won't work behind NAT, and some VPN clients that use AH headers won't work behind NAT.

If you use a NAT pool with enough addresses that makes it more statistically probable that a user will get a dynamic one-one NAT, then most VPNs should work. Are you using an external firewall, or doing everything right on the 2400?
Assuming that you have an inbound ACL, can you post the ACL?
0
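
As an added illustration (not part of the original thread), this simplified Python model shows why AH, mentioned in the comment above, fails behind NAT: the AH integrity check covers the outer IP addresses, so the NAT address rewrite invalidates it, while the ESP check does not cover them. The key, addresses, SPI and field layout are constructed for the example and do not reproduce the exact RFC 4302/4303 byte layout.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed integrity key shared by both VPN peers


def ip_bytes(addr):
    return ipaddress.IPv4Address(addr).packed


def icv(data):
    # HMAC-SHA1 truncated to 96 bits, a common IPsec integrity transform
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]


def covered(pkt):
    """Bytes the integrity check covers for this packet (simplified model)."""
    body = struct.pack("!II", pkt["spi"], pkt["seq"]) + pkt["payload"]
    if pkt["proto"] == "AH":
        # AH authenticates the outer IP addresses as well as the payload
        return ip_bytes(pkt["src"]) + ip_bytes(pkt["dst"]) + body
    # ESP authenticates only its own header and payload
    return body


def build(proto, src, dst, spi, seq, payload):
    pkt = {"proto": proto, "src": src, "dst": dst,
           "spi": spi, "seq": seq, "payload": payload}
    pkt["icv"] = icv(covered(pkt))
    return pkt


def nat(pkt, public_src):
    """What a NAT device does: rewrite the source address, touch nothing else."""
    out = dict(pkt)
    out["src"] = public_src
    return out


def verify(pkt):
    return hmac.compare_digest(pkt["icv"], icv(covered(pkt)))


def survives_nat(proto):
    # Constructed addresses: private LAN client, documentation-range peers
    pkt = build(proto, "192.168.1.50", "198.51.100.10", 0x1001, 1, b"constructed payload")
    return verify(nat(pkt, "203.0.113.7"))


if __name__ == "__main__":
    for proto in ("AH", "ESP"):
        print(proto, "verifies after NAT:", survives_nat(proto))
```

ESP passing the integrity check does not by itself get it through port-overloaded NAT, since ESP carries no port numbers to translate; that is where the one-to-one mapping discussed in the thread comes in.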
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1000 total points
ID: 8254049
If you can place a Linux box behind your 2400, you may install FreeS/WAN on it which acts as VPN gateway.
It requires only one IP, and can handle multiple different VPN connections to your LAN using IPSec.
Is this what you need? Or do you need VPN to your M$-servers in the LAN?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8450534
G'day, 1stinlastout
It has been 36 days since you posted this question.
Do you still need help? Have you received enough information?
Can you close out this question?
Ways to close questions: http://www.apollois.com/EE/Help/Closing_Questions.htm
0


Question has a verified solution.
