Ascend Archive
(ASCEND) RFC ASCEND VPN solution?
Hi Everyone, Please assist if at all possible....

I have been looking over the online manual for MAX and MAX4000 series and need to know whether I am on track here. Here is what I am attempting to do with ascii illustration for details. I am planning to set up a VPN over the big I. The main branch has a T1 frame relay currently which is accessible by some 5 offices that connect over 56k connections to the main branch to access an AS400. Please let me know what products if I am wrong that I will need to look at... thanks:') everything must be heavily secure.

From what I understand the MAX series has built in CSU and router with ATMP for vpn use. What I thought I would do is have main office use a MAX that is hooked into the internet by T1 connection. Should the branch offices go with MAX as well? That is how I understand it. They will access by 56k and need to be secure as well. That way all the branch offices are able to access via IP the main branch with the MAXes routing to the next routers up the web chain. Should I use GRE on this and if so can you point me to a howto set this up? I plan to use enhanced RADIUS for auth for all branches. That way access is bi-directional so that the main branch can also communicate in the other branches' locations as well, all encrypted with IPSEC from MAXes.

I am planning to use a firewall and Secureid to authenticate roving users dialing in from ISPs or from home. On the Internet side of the equation should be the MAX(s) with encryption tunnelling turned on. The MAXes routers route to the branch offices and also in the main branch's case route to the DMZ running a secure webserver. People accessing from the web are routed to the secure server by MAX. The branch office people are authenticated separately as they can enter the LAN using RADIUS or smart card if using dialup from ISP. Can the MAX and MAX4000 series handle this arrangement safely? Is my below diagram right or off the deep end:')
[sslsrv-extdns]
DMZ dialupmodempool
| |
main-introuter-bastion-MAX4000?(extroutervpn)T1-Big I-MAX?56k-extroute-bastion-introuter
|
AceServer
RADIUS
Auth .db
Everyone, have I missed something here? Will I need a MAX4000 or MAX? What should I look at for the 56k links? What is the best location for the RADIUS to protect it? Am I on track? Is my security pattern correct?
Best Regards,
dreamwvr@dreamwvr.com
_______________________________________________________________________
DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES.
Featuring Website Development and Web Strategies of a TOP Developer
<http://www.dreamwvr.com/dreambiz.htm> <mailto:dreamwvr@dreamwvr.com>
"As Unique as the Company You Keep." "===0 PGP Key Available
________________________________________________________________________
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>