[vpn] Cisco VPN Products

dave.goldsmith at intelsat.com dave.goldsmith at intelsat.com
Fri Feb 8 18:51:34 EST 2002


I'm doing some crash research for a presentation early next week.  I have
some questions and I haven't found the answers yet looking thru the
documentation at  http://www.cisco.com/univercd/cc/td/doc/product/vpn/

Scenario:  Company has multiple office locations and users who need remote
access to multiple office sites.

1) Can a remote user with the Cisco VPN Client software be tunneled to more
than one office location at the same time? (Using Cisco 3000 VPN
Concentrators)  Reason: They need access to servers at both locations.

2) The primary focus for the Cisco 3000 VPN Concentrator is remote access.
Can it also be used for site-to-site connectivity?

2) If the 3000 VPN Concentrator can be used for site-to-site, can a remote
user with the Cisco VPN Client software connect to office location A thru
its 3000 Concentrator and then be redirected back out to office location B
which has it's own Cisco 3000 Concentrator?  This may not be necessary if
the answer to Q1 is yes.

Our current setup involves another vendor's product with 2 VPN gates
deployed at each location. The primary gate at each location is used for
site-to-site connections.  The second gate at each site is for remote user
access.  Once the remote users have connected thru the second gate, they are
'virtually' present at the office and can get to the other office locations
by acting as 'internal' users and have their traffic routed through the
site-to-site gates.

If possible, a single device solution would be desirable.

Next:  The product literature for the Cisco PIX 506 (SOHO device) says that
it supports 4 simultaneous tunnels.  The PIX 515 supports 400.  Usually, I
have seen the IKE negotiation be counted as 1 tunnel and each ESP SA
established to distinct internal hosts/networks be counted as individual
tunnels.  Is that the defintion that Cisco is using or do they mean that the
Cisco PIX 506 can be tunneled to up to 4 distinct VPN end-points at once
(with access to unlimited network segments behind the end-points?

Thanks,
Dave

############################################################
This email message is for the sole use of the intended
recipient(s) and may contain confidential and privileged
information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended 
recipient, please contact the sender by reply email and 
destroy all copies of the original message.  Any views 
expressed in this message are those of the individual 
sender, except where the sender specifically states them 
to be the views of Intelsat, Ltd. and its subsidiaries.
############################################################

VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list