2 Replies Latest reply: Sep 27, 2011 7:08 AM by Fabio - FW specialist

    VPN PROBLEM?

    moha

      I am a technical support engineer in a company consisting of multiple sites. All sites are connected to HQ over a WAN through a 3G connection at each site and at HQ, and the company has another 3G link to the Internet, so any site that wants to access the Internet goes first through the WAN to HQ and then to the Internet.

      The problem is:

      One of these sites has a machine installed inside it, and we are planning to install a modem for this machine so that it can be remotely controlled by an engineer outside the company network, whose location is on the Internet. How can I make this connection?

      Suggestion: I suggest that this can be done through a site-to-site VPN, but which type, what is the scenario for this solution, and how can I configure it?

      NOTE:

      · The guidelines that were sent to me from outside were: the IP address of the VPN GW at their location outside, the IKE UDP port, the ESP version, and also the NAT-T port.

      Please, I need the configuration or material for that, and also which type of VPN: site-to-site or multipoint VPN?

      Topology:

      VPN GW FROM INTERNET -----> INTERNET GW AT HQ -----> WATCHGUARD FIREWALL -----> HQ WAN GW -----> GW OF THE REMOTE SITE IN WHICH THE MACHINE IS INSTALLED -----> MODEM OF THE MACHINE

        • 1. Re: VPN PROBLEM?
          Matt Bowler

          Hello,

          Do you know what capabilities the engineer outside the company network has? If he has a router or firewall that supports a site-to-site VPN, that would be an option. It would also be possible to set up a remote access VPN and use the Cisco VPN client to make connections to the network on an as-needed basis.

          -Matt

          • 2. Re: VPN PROBLEM?
            Fabio - FW specialist

            Hi moha,

            If the only requirement is to grant access from an outside tech to one or more servers in your inside network, I think it is better to use a client-to-LAN VPN. The modem isn't needed.

            For this you need only a VPN device (such as a Cisco ASA firewall); the public interface of this device will be the public peer of the VPN.

            You can find more documents and how-tos on the Internet.

            Regards
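The client-to-LAN setup Fabio describes, as an added example that is not part of the thread or of any vendor documentation: a remote-access IPsec VPN on a Cisco ASA (8.4-style syntax assumed) with a VPN filter so the outside technician can reach only the one machine. Interface names, address ranges, object/group names and the key are placeholders.

```cisco
! Added example (not from the thread). Assumed: Cisco ASA 8.4+ syntax,
! outside interface "outside", inside interface "inside", placeholder
! addresses: VPN client pool 192.0.2.0/24, the remote-site machine 10.10.20.5.
! Address pool handed to the technician's VPN client
ip local pool TECH-POOL 192.0.2.10-192.0.2.20 mask 255.255.255.0
!
! VPN filter: written as source = client, destination = inside host. Only
! the single machine is reachable through the tunnel; everything else is denied.
access-list TECH-VPN-FILTER extended permit ip 192.0.2.0 255.255.255.0 host 10.10.20.5
access-list TECH-VPN-FILTER extended deny ip any any log
!
! Identity NAT so client<->machine traffic is not translated on the way out
object network MACHINE-HOST
 host 10.10.20.5
object network TECH-POOL-NET
 subnet 192.0.2.0 255.255.255.0
nat (inside,outside) source static MACHINE-HOST MACHINE-HOST destination static TECH-POOL-NET TECH-POOL-NET
!
! IKEv1 phase 1 and IPsec phase 2 parameters
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ipsec ikev1 transform-set TECH-TS esp-aes-256 esp-sha-hmac
!
! Dynamic crypto map: the technician's public address is not known in advance
crypto dynamic-map TECH-DYN 10 set ikev1 transform-set TECH-TS
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic TECH-DYN
crypto map OUTSIDE-MAP interface outside
!
! Group policy carries the filter; tunnel group ties pool, policy and key together
group-policy TECH-GP internal
group-policy TECH-GP attributes
 vpn-tunnel-protocol ikev1
 vpn-filter value TECH-VPN-FILTER
tunnel-group MACHINE-TECH type remote-access
tunnel-group MACHINE-TECH general-attributes
 address-pool TECH-POOL
 default-group-policy TECH-GP
tunnel-group MACHINE-TECH ipsec-attributes
 ikev1 pre-shared-key <GROUP-PRE-SHARED-KEY-PLACEHOLDER>
!
! One named account per technician (local AAA shown for illustration)
username tech1 password <STRONG-PASSWORD-PLACEHOLDER>
username tech1 attributes
 vpn-group-policy TECH-GP
```

The logged deny at the end of the filter is what tells you, in the ASA syslog, if the client ever tries to reach anything other than the machine.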