Newbie Question regarding VPN, NAT, remote VPN setup

Group,

I apologize in advance for not knowing more about this stuff.

But our company has 3 locations, all running Windows XP; a static IP address for each, and each has a Cisco 1700 series router. There are currently VPN tunnels set up so that each office can access the other.

This setup was created by a network consultant, who is no longer in the picture.

I need to change the setup so a remote user, hopefully using the Cisco VPN 4.6 client software, can connect to one of the three external IP addresses, and connect through to the internal network, hopefully with some authentication/password prompting.

I'm tempted to ask what should I do now at this point, but I will ask: where can I look to learn how to do this? What terminology should I be using?

My instinct tells me this should be super easy because everybody does it, but I can't understand what needs to be done from the router help files alone.

Is authentication handled at the router? Is there separate server software that needs to run on an actual Windows box or domain server? Once a connection and NAT to an internal address is established, what next? How do I restrict access via Windows login?

Thanks in advance and please direct me to the appropriate place if this is the wrong forum for this sort of topic,

Brad


No problems, people post in NG's to get help, welcome!

Sounds good

OK

Easy enough

You would be connecting to the router using an IPSEC VPN; this VPN is encrypted and very secure. It is not uncommon. Go to the Cisco website, click on support and look through the documentation, and take a read at this:

formatting link

I would not say easy, but once you get the hang of it, it becomes easier :)

Could be, or you can pass authentication off to an internal RADIUS server such as Windows IAS or a *NIX platform.

Does not need to be; you can create user accounts on the router itself, but people find it easier using the same password as their login to the network.

You create a pool of IP addresses that the clients are given when they connect; there does not need to be any NAT as the IP pool is local to the network, in most cases. I would have to see how your network is defined.

What you need to ensure is that the IOS version you are running supports VPN. I cannot tell you what IOS version that would be, but you will need to ensure the router is running it.

HTH,

Chad

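What Chad describes (user accounts on the router or a RADIUS server, plus an address pool handed to clients) corresponds to the Easy VPN Server feature in Cisco IOS. The sketch below is an added illustration, not configuration posted by anyone in this thread; every name, address range and secret is a placeholder, and it assumes an IOS image with the crypto feature set and an existing site-to-site crypto map, here called EXISTING-MAP.

```cisco
! Added example. All names, addresses and secrets are placeholders.
aaa new-model
! XAUTH: the username/password prompt is checked against the router's local users
aaa authentication login VPN-XAUTH local
! Alternative: try an internal RADIUS server first and fall back to local users
! aaa authentication login VPN-XAUTH group radius local
! radius-server host <RADIUS-SERVER-IP> key <RADIUS-SHARED-SECRET>
! Group policy (pool, split-tunnel ACL) is looked up on the router itself
aaa authorization network VPN-GROUP local
username <REMOTE-USER> secret <USER-PASSWORD>
!
! Phase 1 proposal offered to the software client
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
!
! Existing site-to-site peers must not be prompted for XAUTH
crypto isakmp key <SITE-TO-SITE-KEY> address <PEER-PUBLIC-IP> no-xauth
!
! Group name and key are what the user types into the VPN Client connection entry
crypto isakmp client configuration group REMOTE-USERS
 key <GROUP-PRESHARED-KEY>
 pool VPN-POOL
 acl 110
!
! Addresses assigned to clients: an unused range inside the internal 10.x.x.x space
ip local pool VPN-POOL 10.0.99.10 10.0.99.50
! Split tunnel: only traffic for the internal 10.x.x.x networks enters the tunnel
access-list 110 permit ip 10.0.0.0 0.255.255.255 any
!
crypto ipsec transform-set VPN-TS esp-3des esp-sha-hmac
crypto dynamic-map VPN-DYN 10
 set transform-set VPN-TS
 reverse-route
!
! Hook remote access into the crypto map already applied to the outside interface
crypto map EXISTING-MAP client authentication list VPN-XAUTH
crypto map EXISTING-MAP isakmp authorization list VPN-GROUP
crypto map EXISTING-MAP client configuration address respond
! High sequence number so the site-to-site entries are matched first
crypto map EXISTING-MAP 65000 ipsec-isakmp dynamic VPN-DYN
```

Access is gated twice: the group key admits the client software, and the XAUTH list then requires a per-user login, which is the step that can be pointed at RADIUS so users reuse their network password.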

Thanks Chad, that was a step in the right direction.

We don't have the VPN Series 3000 concentrator mentioned in the documentation, but there appears to be a simultaneous client/server setup that may work for us.

Regarding NAT, our 3 external fixed IPs are something like 69.x.x.x and all of the internal ones 10.x.x.x. I thought NAT had to map the incoming 69 packets to the destination 10 packets and vice versa for outward bound packets.

My simplified use case is this:

Brad takes train to Chicago, loses thumbdrive containing important files in the seats.
Stops at Starbucks or McDonald's and connects to big-bad-internet.
Turns on wireless adapter radio and fires up CISCO VPN client .exe.
Points it to one of the 69 addresses at one of our offices (ideally would like to choose ANY).
A CISCO 1700 miracle happens and suddenly I'm a 10.x.x.x address.
Brad drags and drops important files to laptop, slams an egg mcmuffin and is back on track.

Anyway, thanks again, I see there is also a website in the easyvpn doc file that has some configuration examples.

Brad
