This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec Tunnel Host/LAN

Hi,

I have to build an IPSec tunnel but I have a question.
The tunnel must join a server behind our ASG with a customer LAN.
I don't want that our customer can "see" our network.
I just wish that our customer can "see" this server.

In the Astaro KB, I read the "Astaro to Cisco PIX IPSec Tunnel Example".
At the end of this example, in the "New IPSec Connection", "Local/Internal Network" is chosen. Is it possible to replace the "Local/Internal Network" with a Host (our server) ?

Thanks in advance.

Regards.

Trio.

This thread was automatically locked due to age.

0 UrsWeiss over 15 years ago

You can do it in two ways:

1. Connect the full LAN and only allow access to this server by packet filter
2. As you wrote, you can define your side of the VPM as a host only (which simply is an IP with a 32 bit subnet mask)

In both cases you should also take care that the customer is not able to access the other server in the same subnet (f.ex. if he connects to a RDP session)

For security reasons we isolate our customers with an VPN link to us with a VLAN for each and place their server into this VLAN.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 15 years ago

In both cases you should also take care that the customer is not able to access the other server in the same subnet (f.ex. if he connects to a RDP session)

For security reasons we isolate our customers with an VPN link to us with a VLAN for each and place their server into this VLAN.

The VLAN is an excellent recommendation in this situation, and is much easier than worrying about packet filters. Once you mention it, it seems obvious - genius!

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 Trio over 15 years ago in reply to BAlfson

Big thanks for your recommendations !!!

Have a nice week end.

Bye.

Trio
Cancel
Vote Up 0 Vote Down

Cancel