LITTLEBLACKDOG.COM

Posted: Thu Jul 02, 2009 5:04 pm Post subject: VPN Tunnel/Client Question

Here's a quick question for those who may know (My experience is limited in this area).

If I establish a VPN Tunnel between my home office and my client(s) sites, would I be able to connect to my home office with a VPN Client, and then send/receive traffic from/to my client sites?

The reason I ask is a few clients have a requirement of a static IP Address in order to run a VPN Client, which doesn't work when I end up having to travel to another client site or etc...

Posted: Thu Jul 02, 2009 5:19 pm Post subject:

Just so we're on the same page, is this what you mean?

hotel > home office > client site

no, at least not out of the box. you might be able to do something sneaky with routes, but I doubt it.

Your client's VPN device does not allow for mobile VPN connections?

Posted: Thu Jul 02, 2009 6:29 pm Post subject:

Olive wrote:
Just so we're on the same page, is this what you mean?

hotel > home office > client site

no, at least not out of the box. you might be able to do something sneaky with routes, but I doubt it.

Your client's VPN device does not allow for mobile VPN connections?

Yep, looks like we're on the same page.

One client so far requires a static IP address in order to connect to their site via Cisco VPN (I can establish a tunnel if needed). I have another client who utilizes a web portal that only allows access via Static IP (Or constantly updating a dynamic IP Address).

I'm expecting a few more to be this way as well, so I was looking to off this issue so I don't have to have a machine to RDP into back at the house...slows things down a bit.

Posted: Thu Jul 02, 2009 7:44 pm Post subject:

For some reason I think this document may be what I'm looking for:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080103ed0.shtml

If this is the case, wonder if I need two devices or if I could use one device that supports multiple interfaces?

Posted: Fri Nov 06, 2009 9:50 am Post subject:

I finally found a solution, and it only requires a single device:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

Essentially I issued the command: same-security-traffic permit intra-interface

Then added the remote networks to my split tunnel list/configuration for the VPN Client.

Seems to be working great so far =D

Posted: Sat Jan 02, 2010 11:34 am Post subject:

have a look at OpenVPN

you could acheive same stuff with it. very flexible

most likely better performance vs. cisco in same price range.

i use it at home + work, very flex and scalable. ony issue being no stateful vpn failover, which some consider it a security feature to not exchange states cross multiple boxes (states would including MAC/encrypt/decrypt keys)

Posted: Sat Jan 02, 2010 5:23 pm Post subject:

Mahmoud wrote:
have a look at OpenVPN

OpenVPN wrote:
OpenVPN is an SSL VPN and as such is not compatible with IPSec, L2TP, or PPTP.

The statement above eliminates this product in my perspective. I utilize IPSec site-to-site tunnels to establish connectivity back to my clients.

Anyhow, my issue was resolved awhile ago and I'm loving it =D

Posted: Sun Jan 03, 2010 6:30 am Post subject:

even Cisco's SSL VPN is not compatible with OpenVPN's SSL VPN Very Happy

so either case they are not compatible..

i suggested just in case you were intrested in saving money while getting same results for your future projects Embarassed