Vpn solution

Similar Messages

• Asa in active/active vpn solution licensing question

  Hello All
  I have a customer with the following requirements:
  1) A Cisco VPN Solution that will be support SSL VPN and Cisco Client VPN - The  solution will be a failover configuration running in an active-active set up.  The solution offered will be fully supported (i.e. it will not go into End of  Life or and lower level of support etc) by Cisco for the next 5 Years.
  a. We  would expect the devices to be similar to the ASA 5520 Appliance with  SW,HA,$GE+1FE,£DES/AES (Including ASA 5500 Advanced Endpoint ASS)
  2) User  licenses for the above - Please quote for both the following
  a. 500 appropriate SSL VPN User Licenses
  b. 250  appropriate SSL VPN User Licenses
  I am quoting them for the 500 ssl vpn bundle
  ASA5520-SSL500-K9 and for the
  ASA5520-BUN-K9.
  Is it right that in active/active  software 8.3 and above that the 500 ssl vpn licenses will be shared between the 2 asa's or will I need to have 250 licenses on each asa.
  Also I have read that in active/active I cannot use shared licenses, is this relevant in a vpn solution?
  http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license_86.html#wp2003381
  Url above has this “The  backup server mechanism is separate from, but compatible with,  failover.
  Shared  licenses are supported only in single context mode, so Active/Active failover is  not supported.”
  Also “Failover  Guidelines
  •Shared licenses are not supported in Active/Active mode. See the "Failover  and Shared Licenses" section for more  information.
  I also need to purchase the
  ASA-ADV-END-SEC and
  ASA-AC-M-5520 (any connect mobile) as the vpn client is eos/eol.
  Do I need to buy this for both asa's or can they share them in active/active mode.
  Thanks in advance.
  Feisal

  Hi Vibhor and thanks for the quick reply. We will be using version 9.3. I was aware that the ASA does not support PBR but I thought with the new code you could do some policy nat that could help influence the outbound flow?
  So in this case we have 2x ISPs and 2x public address space, one from each ISP. How is the NAT and routing handled by the ASA in this design?
  Can I not identify the guest subnet (192.168.0.0/22) and NAT this to a public address from ISP1 and also identify the corp subnets (10.x.x.x)  and NAT them to ISP2?
  My understanding (which is probably wrong) is that the NAT will select the egress interface rather than the routing table, so guest will be sent via ISP1 since the SVI interface of the ASA that connects to this ISP1 has an IP address from the same public address space..?
  Is that incorrect?
  Many thanks
  Rays

• Full mesh VPN solution for on MPLS network with PE and CPEs

  Hi,
  We are trying to evaluate some best solution for Hub-Spoke mesh vpn solution in a MPLS network. The VPN hub router will be in PE router and all the VPN spoke will be in CPE.
  Can someone please let us know what will be the best vpn solution, we understands that there will be some technical limitations going with GETVPN but still we did counld find any documenation for possiblity of using DMVPN.
  How about the recent flexvpn, can fex-vpn work on this requirement, where can i get a design/configuration document.?
  thanks in advance.

  Hello,
  GetVPN is intended for (ANY-to-ANY) type of VPN communication, over an MPLS network with Hub and Spoke Topology, your best Option is to look for Cisco (DMVPN) implementation where this type of VPN is primarily designed for Hub & Spoke.
  Regards,
  Mohamed

• Third Party VPN Solution - Private/Dynamic Addressing

  I am looking for a solution for the following:
  I need a to bring up sites in remote locations that don't have access to Cisco gear. I would like to be able to grab a PC or Linksys or equivalent and bring up a site to site VPN with a Cisco router.
  The Internet connectivity at these locations typically is using dynamic, private addressing.
  I am aware of the DMVPN solution but again this would require Cisco gear at the remote site.
  We have Cisco gear at the Head End.
  Does anyone know of a model of highly available cheap hardware or a software package that can be loaded onto a PC to accomplish this?
  Please advise.
  Thanks!

  We are looking for a site to site model. I want all the devices on the remote network to be on their own subnet. We need to be able to hit individual remote devices from the head end. The devices at the remote site in turn also need to be able to communicate with each other without having to use the VPN.

• Simple yet Secure VPN Solution?

  Or switch to Pertino
  There is nothing simpler

  We've got a Sonicwall (NSA-2400) and a contractor recently switched us from the Windows VPN (which I believe is PPTP?) to the Sonicwall Global VPN client. We hate it from a management standpoint as installing and configuring the VPN client takes about 30 times the steps as the Windows client did and there are going to be licensing fees if we continue, to name just a couple reasons.We are considering going back to the Native Windows VPN but realize this is a less secure solution from what I've been told. Our servers are Windows 2012 (and a couple UNIX boxes) and workstations are Windws 7.Is there a VPN option out there that has decent hardening but without the significant additional complexity and cost as the SonicWall Global VPN setup? We don't need an extreme level of security as this is a small business that isn't an attractive...
  This topic first appeared in the Spiceworks Community

• The Next Level - VPN solution

  Ok just months ago I implemented removing our existing Linux server that was used to authenticate and give 30+ XP users, file and internet access along with roaming profiles with a brand new MacPro server.
  I'm still utilizing a seperate Linux box as my internet gateway/firewall. Now that I have everything running quite smooth, my next step is to start taking advantage of the services it offers and want to setup VPN access to alleviate my boss having to come into work just to get file access.
  My initial solution was to just pick up a regular SOHO router but I love Apple products so much, I'd like to know if using the Airport Extreme be a safe and secure method for VPN or do I need to look at a dedicated VPN router?
  There are so many choices, its all a bit confusing. Thank you.
  Message was edited by: Darryl M

  My initial solution was to just pick up a regular SOHO router but I love Apple products so much, I'd like to know if using the Airport Extreme be a safe and secure method for VPN or do I need to look at a dedicated VPN router?
  The AirPort Extreme isn't a VPN router - it won't handle authenticating external users and getting them onto the local network. The best you could do is setup port forwarding to relay the connections to an internal server running VPN server software. The Mac server can do this but, IMHO, isn't the best solution.
  As a result I'd recommend getting a SOHO router that can terminate VPN connections and use that.

• Sizing VPN solution

  Hi,
  I have a client that like to setup a solution for connect around that 200 remote client  for upload a file around 40Mb, using a VPN connection.
  The problem is that this upload is run in a short time and all at same time.
  The 200 remote site connect betwen 6:30 pm to 8:00pm and upload this file; in the wore case all 200 client can be connected simultaneously sending the file.
  What're Cisco solution can be use to make this solution ? maybe a ASA5510 or any VPN concentrator.
  Thanks for your ideas and experience.

  The internet channel dedicate for 6Mb.
  My custommer using that VPN to upload a file from POS using ftp server in they LAN.
  Now they using a ISA server and pptp vpn forit, but they have problem to concurrence.

• VPN solution for Mac

  Hello,
  I am interested in the QuickVPN solution for a Mac.  Is this software available?  I am getting mixed messages in my searches.
  If not, what is the secure, reliable way to use an RV-120W with a Mac?
  Thanks,
  John

  Hi John,
  Yes there is a solution to etablish VPN from MAC to RV120W using IPsecuritas (VPN client)
  link to download : http://ipsecuritas.en.softonic.com/mac/download
  And this is a link how to configure IPsecuritas with Cisco Router support IPsec and Xauth users
  http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/technote/note/SA500_mac_appnote.pdf
  Please mark answered for helpful posts 
  Thanks
  Mehdi

• Is Lion Server a good personal VPN solution?

  I'd like to set up a VPN server on my home network for the following reasons:
  Enable access to my network shares from my Air when I'm away from home
  Encrypt my connections from my iPad, iPhone, and Air when on unsecured WiFi networks
  For #2, I currently use Witopia, but it's a fairly expensive service and with Lion Server now just $50, why not do it myself and add the ability to access my local network from anywhere?
  What I'm wondering is whether running Lion Server on my Mini is a good option for achieving this without undue risk to my local network, or is it going to be a big pain to setup?

  After the Genius Bar guys at our Hamburg Apple Store had given up on this issue, I finally solved the problem - my VPN is up and running!
  After re-installing both OS X Lion and Lion Server several times I realized that certain settings (apparently also for the VPN server) are kept  in the invisble recovery partition that Lion installed on my Mac Mini  (e.g., 'com.apple.RemoteAccessServers.plist'). They even survived a reformatting of the hard drive. Something must have gone wrong the first time I tried to set up the VPN server and the "sudo serveradmin settings vpn" command revealed that the settings survived every re-installation.
  Therefore, I physically removed the hard drive and formatted it using a different Mac running Snow Leopard.
  It is important not only to erase the disk but also to partition it. This might even work under Lion without having to remove the drive...
  After another re-installation of OS X Lion on the clean drive over the Internet from Apple's server (pressing the command-R keys while rebooting) I did a system update and subsequently installed the Server app.
  After that I was able to start the VPN server from the Server app.
  Inside my local network it was then possible to connect to the VPN server from an iPad 2 (iOS 4.3.5) and from an old Powerbook G4 (Leopard), but not from a MacBook Pro with Snow Leopard.
  However, all clients were able to make an external connection through my Deutsche Telekom Router (SpeedPort 722V) with forwarding of ports 1701 (UDP), 500 (UDP) and 4500 (UDP) and enabled GRE and ESP protocols.
  For the sake of security I have disabled (closed) all arbitrary ports of the server's own firewall while it's local network ports (192.168.x.y) are all open to enable any internal connections.
  It is a serious restriction, however, that the Lion Server only offers the L2TP VPN protocol. Maybe the commercial iVPN solution is an acceptable workaround: http://macserve.org.uk/.
  Regards, Björn

• Best VPN Solution

  Hi,
  I have got two 1841 and one 881 cisco router. I can keep any one of this router at HO and remaining at branch office.  I have got a static internet IP at HO but dynamic IP at branch office.
  I want to setup a VPN to connect to HO from branch office through router. The branch connects through a private IP for internet purpose. Which VPN is the most secure and best for this purpose.
  Regards,
  Mero

  That's a typical scenario for the Dynamic Virtual Tunnel Interfaces (DVTI):
  http://www.cisco.com/en/US/partner/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html#wp1027258
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• FW/VPN solution

  I am currently using BM as my gateway for services (mail,web server etc) and
  VPN
  This BM is NOT used for browsing OUT
  Is there anything else that can replace it with minimal management overhead
  (appliance?) for same tasks in Novell eDirectory network
  Thanks
  Seb

  In article <cUkFk.11556$[email protected]>, Sebastian
  Cerazy wrote:
  > Seems to be the only product that is easy to deploy
  >
  Depends on what you want it to do, and your familiarity with it. Some
  years back, when I was working with NSM (and doing BrainShare
  presentations on migrating from BM to NSM), I got somewhat frustrated
  in the differences between how BM did things and how NSM did things.
  Things that were strengths in BM were weaknesses in NSM and vice-versa.
  I eventually concluded that NSM came close to BM in the BM
  capabilities, but it did not match BM. (NSM also offered things BM
  could not do). Bottom line was that if you were a BM user and making
  use of many of the options, or some options in particular, NSM was not
  a perfect fit, and you would have had to change or give something up to
  migrate. If you were starting from scratch, NSM/Astaro was an easier
  proposition.
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to http://www.craigjconsulting.com ***

• Mpls vpn solution

  Hi i am desinging an MPLs ip based vpn for large enterprise.is there any simulator where I can check my results for various applications like voip,videoconferencing etc.
  Thanx
  Usman Shaikh

  Unfortunately not. The easiest way would be to put a proof of concept lab together.
  Hope this helps,

• Simple VPN solution mac to mac

  I have a PM G5 at a fixed IP address and want to VPN into it from my 17" PB on dialup as I travel... Both are running 10.4 client.
  So what is the simple way to get a VPN set up... (never done VPN before, but want secure dial-in)
  a) do I need to install 10.4 Server onto the Desktop to get the VPN software on it, ready for the laptop to log into... ???
  b) is there EASIER 3rd party software rather than going to 10.4 server for just VPN... ???
  c) is it EASIER to use hardware VPN... ???
  Sure appreciate some guidance as I dont know where else to start...
  GreyHare

  There is AlmostVPN. You can also just turn on "Remote Login" in the Sharing PrefPane and tunnel in through ssh. You can get an idea about tunnels on the AlmostVPN site. There are other sources if you google "ssh tunnel mac os x".
  ssh is an encrypted log in to your home computer. Tunnels allow you to send data over a particular port through the encrypted interface.
  You can also try OSXvnc and Chicken of the VNC. This link talks about using tunnels with vnc.
  1.8 SP G5/iMac G4 FP/PB G3 Pismo   Mac OS X (10.4.3)   XLR8 G4 Upgrade for Pismo

• IPhone low cost/free VPN solution

  All,
  You can find my implementation which uses IpCop here under "IPCop L2TP/IPSEC "RoadWarrior" for IPhone":
  http://bo.kohut.googlepages.com/bo%27sipcoptidbits
  I have been using it for sometime now with great success and I only use the cell network, never wifi. I have this running as a VM in an ESXi server albeit this doesn't matter for the how-to example. This is not a how-to for a beginner as it assumes various degrees of technical skills but a dedicated person with some abilities should be capable.
  Drop me a line if this helps you out, as I say in the post this took me several sleepless nights to 'figure' out.
  Bo

  The best thing is to browse the app store and see what gets your attention. Each app has a bunch of reviews by people who have used it.

• Best solution for managing 50 remote sites via cisco vpn

  At the moment my support organisation use the cisco vpn client on their windows pc's to provide remote support to our customers. I want to know if there is a solution from cisco that would support nialing up the 30 connections all the time without having to use clients on individual pc's. I know there will be issues because some of the sites will have conflicting lan ip address ranges. We would like to offer improved support to our customers for example using nagios to monitor their servers but this is not possible if vpn connection if not nialled up.
  Please help with the best solution.

  L2L vpns solution is suitable for your scenario, depending on your traffic load for each site u would have to do assesment on that, any asa5510 or higher in an active/standby architecture with stateful failover sure can do the job. As for conflicting LAN ips there is ways to work around that by using NAT or Policy NAT.
  ASA product line
  http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
  Perhaps for monitoring/managing Ipsec tunels CSM Cisco Security manager
  http://www.cisco.com/en/US/products/ps6498/index.html