[VPN] Question for site to site VPN

Roger Qian roger.qian at sholodge.com
Mon Mar 24 15:04:11 EST 2003


Does Cisco Config Maker work with Cisco router, concentrator, and PIX boxes?
Roger

-----Original Message-----
From: Mike Hancock [mailto:Mike.Hancock at sourcemed.net]
Sent: Monday, March 24, 2003 1:47 PM
To: hakan.palm at generic.se; roger.qian at sholodge.com
Cc: djdawso at qwest.com; vpn at lists.shmoo.com
Subject: RE: RE: [VPN] Question for site to site VPN


I have built VPNs with Cisco routers, VPN 3000, Checkpoint, Watchguard,
Micro$soft, FreeSwan and Netscreen. NetScreen by far is the most flexible,
quickest, easiest, but the really cool thing is the Cisco Config Maker (free
from Cisco). Just load the 2 endpoint configs into Config Maker and "Drop" a
VPN between them: Bingo, Config Maker creates your crypto maps for both
sides. I did a 9 point fully meshed VPN in about 40 min.!!!!

2.6.006 is the latest I think.

M2C/HTH

Mike

-----Original Message-----
From: hakan.palm at generic.se [mailto:hakan.palm at generic.se] 
Sent: Monday, March 24, 2003 12:05 PM
To: roger.qian at sholodge.com
Cc: djdawso at qwest.com; vpn at lists.shmoo.com
Subject: Re: RE: [VPN] Question for site to site VPN


Cisco routers are generally better for site to site VPN, but in my
experience the VPN 3000 Concentrator is really nice as well... It is really
hard to beat when it comes to regular remote access VPNs.

With a VPN 3000 Concentrator you can do some really nifty
stuff with policy routing on the LAN behind the concentrator to ensure that
the different customers are separated.

HTH,
/Palm




roger.qian at sholodge.com
2003-03-24 18:39

To:	djdawso at qwest.com @ INTERNET, vpn at lists.shmoo.com @ INTERNET
Cc:	(Blank: Hakan Palm/Generic)
Subject:	RE: [VPN] Question for site to site VPN

Thank you Dana, if not using PIX, what Cisco device is better for the site
to site VPN, router or concentrator? Can all customers share the same IP
address pool?
Roger

-----Original Message-----
From: Dana J. Dawson [mailto:djdawso at qwest.com]
Sent: Friday, March 21, 2003 5:24 PM
To: vpn at lists.shmoo.com
Subject: Re: [VPN] Question for site to site VPN


Since you have to use access-lists as part of the VPN configuration to
define all the hosts and/or networks at each end of each tunnel, if you
configure all the VPN tunnels with the database server as the only local
host, then it will do what you want.  The PIX should be fine for this,
assuming you don't otherwise exceed its VPN capacity.

HTH

Dana

-- 
Dana J. Dawson                     djdawso at qwest.com
Senior Staff Engineer              CCIE #1937
Qwest Communications               (612) 664-3364
600 Stinson Blvd., Suite 1S        (612) 664-4779 (FAX)
Minneapolis  MN  55413-2620

"Hard is where the money is."



Roger Qian wrote:
> Hi All,
>
> We're a hotel service provider. If we set up a site to site VPN system with
> our customers how to keep the privacy for each customer on the VPN system.
> We only need each customer to talk to a database server in our end only and
> no talk between any customers.  We have an existing PIX 515UR firewall, do we
> need to buy a dedicated Cisco device to act as a VPN gateway?
>
> Thanks in advance.
>
> Roger
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com http://lists.shmoo.com/mailman/listinfo/vpn
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn
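
Added example (not part of the thread, and not any poster's configuration): a small audit of the rule in Dana's reply, that every tunnel's access-list names the database server as the only local host. The ACL and crypto map names, the addresses and the sample lines are constructed; the overlap check on remote networks is an extra assumption of this example, since overlapping selectors make it ambiguous which tunnel a packet belongs to.

```python
import ipaddress
import re

# Constructed sample in PIX-style syntax (hypothetical names, private addresses).
SAMPLE_CONFIG = """\
access-list CUST_A permit ip host 10.1.1.10 192.168.10.0 255.255.255.0
access-list CUST_B permit ip host 10.1.1.10 192.168.20.0 255.255.255.0
access-list CUST_C permit ip 10.1.1.0 255.255.255.0 192.168.20.128 255.255.255.128
crypto map VPNMAP 10 match address CUST_A
crypto map VPNMAP 20 match address CUST_B
crypto map VPNMAP 30 match address CUST_C
"""

ACL_RE = re.compile(r"^access-list (\S+) permit ip (.+)$")
MATCH_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")

def take_net(tokens):
    """Consume one address spec ('host A', 'any', or 'A MASK') from the token list."""
    first = tokens.pop(0)
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def audit(config, db_server):
    """Return findings for tunnel ACLs that break the 'DB server is the only local host' rule."""
    db = ipaddress.ip_network(db_server + "/32")
    lines = config.splitlines()
    # Only ACLs referenced by a crypto map define tunnel traffic.
    tunnel_acls = {m.group(1) for m in map(MATCH_RE.match, lines) if m}
    findings, remotes = [], []
    for line in lines:
        m = ACL_RE.match(line)
        if not m or m.group(1) not in tunnel_acls:
            continue
        tokens = m.group(2).split()
        local, remote = take_net(tokens), take_net(tokens)
        if local != db:
            findings.append(f"{m.group(1)}: local side {local} is not just the database server")
        for other_acl, other in remotes:
            if other_acl != m.group(1) and remote.overlaps(other):
                findings.append(f"{m.group(1)}: remote {remote} overlaps {other_acl} ({other})")
        remotes.append((m.group(1), remote))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "10.1.1.10"):
        print(finding)
```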


