  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3109

VPN Connection between U.S. and China blocked

A while back we set up a VPN tunnel between our Cisco ASA devices at our datacenter and our Beijing office. At first, we were able to connect between the Cisco ASA devices over VPN; however, a few days later we were denied access.

It appears that the government of China does not allow VPN access from anywhere in the United States into mainland China. However, they do allow VPN access for users in China to anywhere in the United States. I'm sure this is a common scenario for some of you out there and I'd appreciate the advice.

What are some ways to establish a VPN tunnel between both sites? Perhaps using a cloud-based VPN service such as VyprVPN?
0
icsctech
1 Solution
 
Rafael Commented:
Set up a Point to Point VPN and have it initiated from the Beijing office. You can also set up a job at the Beijing office to do a call out from a server in the Beijing office to a server in the US to keep the VPN nailed up.
0
 
icsctech Author Commented:
Thanks for the info. It is worth a try to have the China Firewall initiate traffic and drop keepalives. Since there will be an email server in China, does that mean that this will also need the same setup to each location with a mail server such as our DC, UK, and NJ sites?
0
 
Rafael Commented:
Possibly. I think as long as China initiates the connection outbound to any of those sites you should be fine. If you have a Domain Controller there, it would replicate by default every 45 min so maybe that is something you can look at as well.
0
 
Sean Hull CCIE 2052, Principal System Engineer & Sr. Storage Product Manager, Commented:
What I have learned is that the VPN will not be blocked if a leased line, local internet access, is already purchased from China Telecom (CT). This is known as a trusted link and therefore CT will not block the VPN, especially if this is a site-to-site VPN. The risk is remote-site VPNs that are initiated on a non-leased line from China Telecom.
0
Question has a verified solution.
