Solved

Using satellite and Cisco?

Posted on 2004-08-30
9
508 Views
Last Modified: 2010-04-17
We are trying to implement  a  site to site VPN here. Headquarters have a cisco router, and so will the remote site.     Problem is, the remote site must use satellite to access the internet.  My questions are:

1. Can GRE or IPSEC be tunneled via satellite connection?

2. How will the satellite interface to the cisco router?
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11931020
1. Sure, the satellite connection should work fine with your VPN tunnel.

2. Typically, the satellite connection will be handed off as an RJ45 Ethernet connection so you'll need a router with an extra ethernet interface.
0
 

Author Comment

by:dissolved
ID: 11931316
Thanks JFrederick. Can I use a 2600 router (w/dual ethernet interfaces) to do this?
Thanks
0
 

Author Comment

by:dissolved
ID: 11931324
will it support IPSEC or GRE tunneling I mean with the latest IOS?
thanks
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 43

Expert Comment

by:JFrederick29
ID: 11931776
Yes, 2600 with dual ethernet interfaces will work.  You need to use the Advanced Security or IP PLUS (IPSEC, 3DES) image.  Only the IOS images including security allow for VPN use.  You can use the Software Advisor on Cisco's website to find the exact image to download.
0
 

Author Comment

by:dissolved
ID: 11931848
Do you recommend a cisco pix behind the 2600? I'm guessing I will have to config the pix as well for VPN. Or only the router?

So the 2600 will be acting as the VPN server and the PIX will be doing it's regular thing?

Also, L2TP is the tunneling method to use when going from site to site VPNs right? Where does IPSEC come into play here? L2TP is not encrypted by default so IPSEC does that?
(sorry about the noob questions)
Thanks
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11931905
Yes, by all means, use a PIX behind the 2600 router and let it handle the VPN and filtering.  If you use a PIX, the 2600 router will NOT be configured for the VPN, it will be acting as a pass through more or less.  The PIX would only be setup for the VPN.

Yes, IPSEC provides encryption for L2TP as it does not have built in encryption.
0
 

Author Comment

by:dissolved
ID: 11932272
ok so it's:

router------->pix (doing vpn and filtering)-------------->switch--------------------->users

In essence, the pix is THE vpn server.  Last 2 questions:

1. What pix firewall can do what I need (I know there must be a ton of different models.) Looking for the most cost effective solution.

2. What ports on the router need to be forwarded to allow VPN incoming/outgoing to and from Pix (vpn server)

Thanks man, you rock!
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 11932401
Yes, your diagram is correct.

1.  You can get away with a PIX 501.  It is the least expensive model but will do what you need to do.  You can get 10, 50, or unlimited user licenses depending on how many connections you are looking at.

2.  You will need to forward TCP 1701, UDP 500, IP 50, and IP 51 for a L2TP and IPSEC VPN.
0
 

Author Comment

by:dissolved
ID: 11932542
you rock thanks man
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
BGP Code 12 60
Problems Watching Movies using DSL - is it the movie provider fault? PC fault? Router fault? Something else? 10 73
Ping in Fortigate 2 41
Access-List 15 34
While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question