Cisco VPN 1

Status
Not open for further replies.

ComputTech

Technical User
Feb 6, 2009
Hi,

We want to create a VPN over the Internet to create two offices in different places. We have public IP addresses on both sides, and if possible we want to do it without any help from the ISPs.

I would like some advice on this issue:

1. Can we do this with any Cisco router? If yes, which version would you recommend? It has to run a 5 Mbps link.
2. Are the ISPs in general allowed to interfere and block any port without informing us?

Thank you for any advice
 
No, you have to use a router that has a crypto feature set. I prefer Cisco ASA for basic site-to-site VPN.
 
Thank you for the prompt reply.

I will try to find out more about Cisco ASA. Do they use any web-based configuration, or IOS?

Another issue is regarding the VPN connection. Can I configure them on both sides using public IP addresses, or do I have to contact the ISPs? I would like to avoid them if possible.
 
A Cisco ASA is a firewall instead of a router, and it can be configured via command line or GUI. Once you have the public IP addresses, you don't need anything from the ISP.
 
Thank you very much for this valuable information, which will make my job much easier.
 
One more issue I would like to discuss. I'm sure you experienced guys have faced it.

In the scenario we want to build as discussed above, I want to keep a Mail Server in, let's say, Site A, but I want it to be published in Site B, so the IP address of the Mail Server published in public DNS will be the public IP address of Site B.
Does anybody have any idea whether it will work?
 
Depending on how the sites are set up, the VPN link can make the two sites appear as if they are all on the same subnet. In such a case, as long as the VPN is up, servers and other devices at either site are accessible to both sites.

By similar means you can force Site A to use the Internet Gateway (and the security features) of Site B, avoiding the extra cost of having to have two full Internet security systems. There are trade-offs, though. VPNs reduce the capacity of the link between them because of the encryption and protocol overhead involved. Also, the folks at Site A may resent having to use Site B's security features and their gateway.

The point is that once your VPN is up and operational, you can leverage it to great advantage in a number of ways.

 
This will be only two network sites connected through VPN over the Internet. I'll try to push for Cisco ASA devices.

Most of the users will be in Site B, and only 2-3 in Site A, but for support and maintenance reasons, we want to keep most of the services in Site A. They can have Internet directly from Site B, but it is crucial for the Mail Server to be physically in Site A, and published with the public IP of Site B.
 
To answer the second question, YES, the ISP CAN block VPNs if they want to. This is not uncommon, so I would check before spending all that cake on ASAs...

Burt
 