VPN method for DLSW over Internet?
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||
|
Posted by Robert on June 5, 2008, 11:53 am
Please log in for more thread options the Internet. What is the minimum method of VPN that will accomplish this? I know I need to configure DLSW, but before I start figuring out the config syntax, does anyone know if a basic IPSEC VPN will work? Or do I need to use a GRE tunnel to get a virtual Tunnel interface? The problem is one end of the link will have a dynamic IP, so a basic crypto VPN tunnel would be nice. If I have to step up to GRE+IPSEC to make DLSW work, then I'll need to move up to DMVPN to get dynamic IP support on the remote end. That means my minimum router will need to be something that handles 12.4(T) I think. More $$ The remote end is somebody's house, hence the desire to keep costs down. Thanks, Robert | ||||||||||||||||
|
Posted by Scott Perry on June 5, 2008, 12:21 pm
Please log in for more thread options concentrators and GRE tunnels between Cisco routers. The important part is to have the DLSw circuit run between an IP address on each device which would best be configured on a loopback interface IP address on both devices. Once the VPN connection is established, the loopbacks of each DLSw peer will be accessible to the other, no matter what Internet IP address the VPN tunnel is going across. This would be the case when configuring a lan-to-lan or site-to-site VPN, not a RAS (remote access) VPN that a single host would use. Will the SNA traffic be used to connect mainframe controllers on one side of a WAN connection to a mainframe on the other side of the connection? If so, consider using SNA switching from the remote router to the mainframe. ----- Scott Perry Indianapolis, IN ----- | ||||||||||||||||
|
Posted by Bob on June 5, 2008, 1:34 pm
Please log in for more thread options It's for an IBM POS (point of sale) system. We have a single DLSW
link in the whole company to our customer which needs this kind of support, but I don't know much about DLSW personally. That one is over a P-P T1. We now have a need to extend this support to somebody's home. On Thu, 5 Jun 2008 12:21:16 -0400, "Scott Perry" >A common IPsec VPN will work. I have done this over IPsec using Cisco VPN
>concentrators and GRE tunnels between Cisco routers. >The important part is to have the DLSw circuit run between an IP address on >each device which would best be configured on a loopback interface IP >address on both devices. Once the VPN connection is established, the >loopbacks of each DLSw peer will be accessible to the other, no matter what >Internet IP address the VPN tunnel is going across. This would be the case >when configuring a lan-to-lan or site-to-site VPN, not a RAS (remote access) >VPN that a single host would use. > >Will the SNA traffic be used to connect mainframe controllers on one side of >a WAN connection to a mainframe on the other side of the connection? If so, >consider using SNA switching from the remote router to the mainframe. > >----- >Scott Perry >Indianapolis, IN >----- > >>I have a need to "bridge" SNA/Netbios traffic between two LAN's over
>> the Internet. What is the minimum method of VPN that will accomplish >> this? >> >> I know I need to configure DLSW, but before I start figuring out the >> config syntax, does anyone know if a basic IPSEC VPN will work? Or do >> I need to use a GRE tunnel to get a virtual Tunnel interface? >> >> The problem is one end of the link will have a dynamic IP, so a basic >> crypto VPN tunnel would be nice. If I have to step up to GRE+IPSEC to >> make DLSW work, then I'll need to move up to DMVPN to get dynamic IP >> support on the remote end. That means my minimum router will need to >> be something that handles 12.4(T) I think. More $$ >> >> The remote end is somebody's house, hence the desire to keep costs >> down. >> >> Thanks, >> Robert >
| ||||||||||||||||
|
Posted by Robert on June 12, 2008, 5:18 pm
Please log in for more thread options I made a mistake. It will not be SNA traffic, but there will be some
Netbios. I'm not sure if I just try to do an L2TP bridge over VPN or if DLSW still works for any-ol bridge traffic. Does it? These are 4690 IBM POS (cash register) controllers. The SAP addresses I need to transfer are: Protocol and SAP address in HEX NetBIOS = F0 RPL = F8 and FC TCC = E8 Can I still use DLSW with this? -Bob On Thu, 5 Jun 2008 12:21:16 -0400, "Scott Perry" >A common IPsec VPN will work. I have done this over IPsec using Cisco VPN
>concentrators and GRE tunnels between Cisco routers. >The important part is to have the DLSw circuit run between an IP address on >each device which would best be configured on a loopback interface IP >address on both devices. Once the VPN connection is established, the >loopbacks of each DLSw peer will be accessible to the other, no matter what >Internet IP address the VPN tunnel is going across. This would be the case >when configuring a lan-to-lan or site-to-site VPN, not a RAS (remote access) >VPN that a single host would use. > >Will the SNA traffic be used to connect mainframe controllers on one side of >a WAN connection to a mainframe on the other side of the connection? If so, >consider using SNA switching from the remote router to the mainframe. > >----- >Scott Perry >Indianapolis, IN >----- > >>I have a need to "bridge" SNA/Netbios traffic between two LAN's over
>> the Internet. What is the minimum method of VPN that will accomplish >> this? >> >> I know I need to configure DLSW, but before I start figuring out the >> config syntax, does anyone know if a basic IPSEC VPN will work? Or do >> I need to use a GRE tunnel to get a virtual Tunnel interface? >> >> The problem is one end of the link will have a dynamic IP, so a basic >> crypto VPN tunnel would be nice. If I have to step up to GRE+IPSEC to >> make DLSW work, then I'll need to move up to DMVPN to get dynamic IP >> support on the remote end. That means my minimum router will need to >> be something that handles 12.4(T) I think. More $$ >> >> The remote end is somebody's house, hence the desire to keep costs >> down. >> >> Thanks, >> Robert >
| ||||||||||||||||
| Similar Threads | Posted |
| VPN method for DLSW over Internet? | June 5, 2008, 11:53 am |
| DLSW Problem - Utilization High | December 16, 2005, 2:02 am |
| Which VPN Method More Secure? | January 22, 2007, 1:38 pm |
| DDNS - why won't my update method work? | December 17, 2005, 11:48 am |
| HTTP access and AAA method/freeradius. | January 19, 2006, 2:47 pm |
| Catalyst 3500 switching method | July 5, 2005, 11:56 am |
| Small office and Wireless security..which method is best? | May 20, 2006, 10:56 am |
| Routing Question - How to send default internet traffic to PIX and VPN traffic from router out internet | February 27, 2007, 1:58 pm |
| How does the internet really look like ? | October 5, 2005, 5:47 pm |
| Pix-to-Pix & Internet | May 22, 2006, 11:43 am |
| dmz with internet access | September 4, 2005, 10:24 am |
| Access Internet through VPN | October 7, 2005, 3:15 am |
| Slow Internet on T1 | December 17, 2005, 2:31 am |
| Internet slowness | December 19, 2005, 12:49 am |
| VPN Internet Issues | January 8, 2006, 8:56 am |
> the Internet. What is the minimum method of VPN that will accomplish
> this?
>
> I know I need to configure DLSW, but before I start figuring out the
> config syntax, does anyone know if a basic IPSEC VPN will work? Or do
> I need to use a GRE tunnel to get a virtual Tunnel interface?
>
> The problem is one end of the link will have a dynamic IP, so a basic
> crypto VPN tunnel would be nice. If I have to step up to GRE+IPSEC to
> make DLSW work, then I'll need to move up to DMVPN to get dynamic IP
> support on the remote end. That means my minimum router will need to
> be something that handles 12.4(T) I think. More $$
>
> The remote end is somebody's house, hence the desire to keep costs
> down.
>
> Thanks,
> Robert