• Status: Solved

What is the best VPN solution for temporary satellite offices?


Hello and thanks in advance for any help you can give me.

Here is the scenario:
Our network is Cisco PIX based. We have 8 plants throughout the US and are opening more soon. Our current configuration is that each plant has 2 T1s, one for WAN and one for internet. Our PIX are configured with crypto maps to all other sites for WAN failover. My problem is we are launching new plants and I have users in hotel conference rooms with a single internet connection that I need to make into a satellite office. Does anyone have a good way to make this happen? I would like a simple solution that involves minimal equipment.

Thanks.
Asked: Jffishbones
 
harbor235 Commented:
A PC armed with the Cisco Easy VPN client, which is downloadable free from the Cisco site. The type of medium is not relevant. However, you may need to adjust for the latency in the satellite network.

harbor235
 
LloydSev Commented:
The PIX came with the Cisco VPN Client.  You can use this for your IPSec connectivity.
 
Jffishbones (Author) Commented:

The only problem with the VPN client is you can only have one tunnel from the source IP at a time, where I need multiple users accessing the VPN concentrator from the same source IP (hotel conference room over cable or DSL).
 
Tim Holman Commented:
You can have multiple VPN clients running behind a single NAT address.  VPN NAT traversal is based around a hash of the REAL address (e.g. 10.0.0.1) and the destination address (your VPN server), so as long as each client in the hotel has a different private IP address (e.g. 10.0.0.1, 10.0.0.2) then this really doesn't matter.
Cisco Easy VPN Config instructions here:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172787.html
 
pseudocyber Commented:
Theoretically, you could get a Linksys that does end point termination.  Then everyone behind it goes through the tunnel.  You could buy them pretty cheap, configure everything in house, and then ship them out to the remote site for user installation.
 
magicomminc Commented:
Certain older model Linksys/Netgear routers don't understand IPSec very well (a second VPN attempt will kill the first one). On the Cisco VPN software, you can check "IPSec over UDP" in the transport tab of your VPN profile; that way, even a cheap Linksys would not be confused by IPSec. We have a similar case and it works well for us.
 
Jffishbones (Author) Commented:
We use the Cisco VPN client with IPSec/UDP already. The problem is our VPN concentrator will not allow more than one connection at our corporate office from the same network.
Also, once we establish a VPN to the corporate office, how can we get the traffic to route to all other plants which are connected via WAN?
 
pseudocyber Commented:
>>We use the Cisco VPN client with IPSec/UDP already. The problem is our VPN concentrator will not allow more than one connection at our corporate office from the same network.

This is a problem on your corporate office side.  So, if my neighbor and I are on the same broadband network and presumably the same IP network, we could not both do VPN at the same time?

>>Also, once we establish a VPN to the corporate office, how can we get the traffic to route to all other plants which are connected via WAN?

This is simple with routing.  You route your VPN network as you would any other internal net.
 
Jffishbones (Author) Commented:
It appears to happen that way, but I'm not sure if it is related to the hotel network the users are on.

Not knowing much about the concentrator, I assumed it was a security thing on our end.
 
pseudocyber Commented:
We have a lot of trouble with hotels.  It's usually because of the hotels' network infrastructure - using proxy servers, authentication, firewalls, etc.  A lot of them block IPSEC.  We're working on an SSL VPN because of all the hotel problems.
 
Tim Holman Commented:
Where did you read that the VPN 3000 only supports ONE connection from each IP address?  Do you have NAT-T (NAT traversal) enabled in the configuration?  This behaviour strikes me as a little odd, although typical Cisco if this is indeed the case...  ;)
 
Jffishbones (Author) Commented:
The problem is we have all our laptop users' Cisco client configured for IPSEC over UDP, which when coming from the same site does not allow the use of TCP ports for address translation at the concentrator.
 
Jffishbones (Author) Commented:
Anyone had any experience with the Cisco 3002 VPN hardware client? Looks like it might take care of this problem.
 
Tim Holman Commented:
Then use NAT-T (udp/4500) instead.... !  This will allow multiple clients behind the same IP address to connect.
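
The NAT behaviour this thread keeps returning to (a second tunnel killing the first behind a cheap router, and NAT-T on udp/4500 as the fix), as an added example that is not part of any poster's comment: a simplified Python model of a port-translating gateway. The `HotelNat` class and all addresses are constructed for illustration, and the model assumes a gateway that can key native ESP only on the remote peer address.

```python
# Simplified model of a hotel NAT/PAT gateway (constructed for illustration;
# not any vendor's implementation).
from dataclasses import dataclass, field

ESP, UDP = 50, 17        # IP protocol numbers
NAT_T_PORT = 4500        # UDP port used by IPsec NAT traversal (NAT-T)

@dataclass
class HotelNat:
    next_port: int = 40000
    udp_map: dict = field(default_factory=dict)  # (public_port, peer) -> (inner_ip, inner_port)
    esp_map: dict = field(default_factory=dict)  # peer -> inner_ip (ESP has no ports)

    def outbound(self, inner_ip, proto, peer, sport=None):
        """Translate an outbound packet and record state for the return path."""
        if proto == UDP:
            for (pub_port, p), inner in self.udp_map.items():
                if p == peer and inner == (inner_ip, sport):
                    return pub_port            # existing flow, reuse mapping
            pub_port = self.next_port          # new flow, new public source port
            self.next_port += 1
            self.udp_map[(pub_port, peer)] = (inner_ip, sport)
            return pub_port
        # Native ESP: the only key available is the remote peer, so a second
        # client talking to the same concentrator overwrites the first entry.
        self.esp_map[peer] = inner_ip
        return None

    def inbound(self, proto, peer, dport=None):
        """Return the inner host that receives a reply from the peer, or None."""
        if proto == UDP:
            inner = self.udp_map.get((dport, peer))
            return inner[0] if inner else None
        return self.esp_map.get(peer)

def simulate(proto):
    """Three laptops behind one NAT open tunnels; return who receives each reply."""
    nat = HotelNat()
    concentrator = "198.51.100.1"                 # constructed address
    clients = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
    sport = NAT_T_PORT if proto == UDP else None  # NAT-T clients all send from 4500
    ports = [nat.outbound(c, proto, concentrator, sport) for c in clients]
    return [nat.inbound(proto, concentrator, p) for p in ports]

if __name__ == "__main__":
    print("native ESP    :", simulate(ESP))
    print("NAT-T udp/4500:", simulate(UDP))
```
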