Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Setting up Cisco VPN 3005

Posted on 2004-09-30
3
467 Views
Last Modified: 2013-11-16
Hi all,

I just purchased a Cisco VPN Concentrator 3005 and am having trouble getting it to work. Here's my current config. We have an Internet T1 that goes into an Intel router. From there it goes to a Sonicwall Firewall. After that, it goes to our switch and then out to our internal network. My question is where is the best place to put the VPN Concentrator? I figured the private port would plug into the switch and I gave it an IP of 192.168.0.7 and the public needs to have an Internet IP, but where does that plug into? The switch also? Or do I need to have another switch that has the Intel router plugged into it and it  bypasses the firewall? Any help would be appreciated.

Thanks,
Matt
0
Comment
Question by:mbarys
3 Comments
 
LVL 2

Expert Comment

by:peteysa
ID: 12197030
Good Evening,

Typically the VPN concentrator is plugged in externally one interface, internally second interface.  The VPN concentrator does not route/forward packets unless they are fully authenticated which is more secure than a standard firewall.  

Some Concentrators do support one armed configurations which would utilize only one interface, I am not sure if the Cisco supports that setup.  I know the sonicwall vpn concentrator has that option.

Cheers,

Dan
0
 

Author Comment

by:mbarys
ID: 12199552
That's what I figured. So I'm trying to understand how I would plug in the concentrator into the external interface. Would I hang a switch off of the router and then plug in the concentrator into that?

Thanks,
Matt
0
 
LVL 5

Accepted Solution

by:
netspec01 earned 500 total points
ID: 12201675
Actually a VPN can be setup behind a firewall, in front of a firewall or parallel to a firewall.  Parallel would be the most common since it is the most simple to do.

trusted network----firewall-------switch----router----ISP
           |                                      |
            ---------concentrator--------

You will need a static pblic IP address assigned to the concentrator.

The second most popular configuratio would be to have the concentrator in front of a firewall or screening router.  This allows you the distinct advantage of adding another layer of access control/filtering.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to choose hardware firewall 5 60
Claiming a Domain Name 7 52
Nimble Storage 3 103
Netgear modem router default firmware 11 31
Let’s list some of the technologies that enable smooth teleworking. 
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question