Ascend Archive

Re: (ASCEND) RFC ASCEND VPN solution?



You should use the Max 6000 at the central site and perhaps Pipeline 130s
at the remote offices. RADIUS generally sits at the central site.


At 01:31 PM 6/3/98 -0600, dreamwvr wrote:
>Hi Everyone, Please assist if at all possible....
>I have been looking over the online manual for MAX and MAX4000 series
>and need to know whether I am on track here. Here is what I am
>attempting to do with ASCII illustration for details. I am planning to
>set up a VPN over the big I. The main branch has a T1 frame relay
>currently which is accessible by some 5 offices that connect over 56k
>connections to the main branch to access an AS400. Please let me know
>what products if I am wrong that I will need to look at... thanks:')
>everything must be heavily secure. From what I understand the MAX
>series has built in CSU and router with ATMP for VPN use. What I
>thought I would do is have main office use a MAX that is hooked into
>the internet by T1 connection. Should the branch offices go with MAX as
>well? That is how I understand it. They will access by 56k and need to
>be secure as well. That way all the branch offices are able to access
>via IP the main branch with the MAXes routing to the next routers up
>the web chain. Should I use GRE on this and if so can you point me to a
>howto set this up? I plan to use enhanced RADIUS for auth for all
>branches. That way access is bi-directional so that the main branch can
>also communicate in the other branches locations as well all encrypted
>with IPSEC from MAXes. I am planning to use a firewall and Secureid to
>authenticate roving users dialing in from ISPs or from home. On the
>Internet side of the equation should be the MAX(s) with encryption
>tunnelling turned on. The MAXes routers route to the branch offices and
>also in the main branches case route to the DMZ running a secure
>webserver. People accessing from the web are routed to the secure
>server by MAX. The branch office people are authenticated separately as
>they can enter the LAN using RADIUS or smart card if using dialup from
>ISP. Can the MAX and MAX4000 series handle this arrangement safely? Is
>my below diagram right or off the deep end:')
>           [sslsrv-extdns]
>                DMZ             dialupmodempool
>                 |                    |
>main-introuter-bastion-MAX4000?(extroutervpn)T1-Big I-MAX?56k-extroute-bastion-introuter
>  |             
>AceServer         
>RADIUS
>Auth .db
>Everyone have I missed something here? Will I need a MAX4000 or MAX?
>What should I look at for the 56k links? What is the best location for
>the RADIUS to protect it? Am I on track? Is my security pattern
>correct?
>
>								Best Regards,
>									dreamwvr@dreamwvr.com
>_______________________________________________________________________
>
>DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES. 
>Featuring Website Development and Web Strategies of a TOP Developer 
><http://www.dreamwvr.com/dreambiz.htm> <mailto:dreamwvr@dreamwvr.com>
>"As Unique as the Company You Keep."        "===0 PGP Key Available 
>________________________________________________________________________
>                                                                   
>
>
>++ Ascend Users Mailing List ++
>To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
>To get FAQ'd:	<http://www.nealis.net/ascend/faq>
>
Matt Holdrege		http://www.ascend.com	matt@ascend.com