[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Best way to redirect traffic\Authorize etc.

Posted on 2009-04-28
5
Medium Priority
?
632 Views
Last Modified: 2013-12-06
Hi

I have a few 2-way satellite links using a VSAT connecting to the Internet through Cisco equipment.

I attached a simplified sketch of such a network (in real life this network has some 3 Cisco 2811 routers & 3 Cisco 2950 switches involved).

As you see in the sketch, the clients have real-world IPs & there's the VSAT internal network (10.0.x.x) between the VSAT & the Cisco. Also the way back to the VSAT is through another third network (the DVB network).

I'd like to add some Captive portal\Authentication\Authorization server so the clients behind the VSAT would have to login before they proceed to the Internet.

What is the best way for me to go? please try to be as specific as possible.

Thanks in advance
basic-sketch.JPG
0
Comment
Question by:meirjean
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 1500 total points
ID: 24268776
Doe it matter where this "security" box resides?

I personally would suggest you get a proxy server and locate at the remote site.  The proxy server could do at least double duty, first force users to authenticate and second cache a lot of stuff to reduce the traffic on the VSAT link.  If you need to do site or content filtering, then it could also do that.

I know that Squid is a free proxy server that does authentication.  You can also setup Squid (or most other other proxy servers) so that they are transparent in-line.  Meaning that they are physically in-line in-between the users  and the external router.  The advantage of in-line transparent proxying is that there is no configuration needed on the users desktop.  
0
 

Author Comment

by:meirjean
ID: 24294421
Hi,

What's going to prevent the client from bypassing the "security box" when it sits at his end?

Thanks in advance,
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1500 total points
ID: 24294722
If you install the "security" box in-line they can't bypass it.  The setup would be:

User <--> Switch <--> security-box <---> Internet router

The security box would need two NIC's and be able to act as a transparent bridge.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question