[K12OSN] easy VPN?

Les Mikesell les at futuresource.com
Sat Apr 24 17:04:14 UTC 2004


On Sat, 2004-04-24 at 09:58, Julius Szelagiewicz wrote:
> one additional question: how silly would it be to have a single
> piece of equipment serving as both k12 and cipe vpn device for a small
> group of users. the network is T1 terminated by cisco 2170, natted with
> passthrough from public to private addresses.

The load won't be a problem - the blowfish encryption is very
CPU-efficient.  I have 10 active tunnels terminating on a
similar box doing other work.  The main issues are routing
and how often/long the box is down for other reasons. At
least one of the endpoints must have a public IP address
although this can be arranged with static nat on the outside
box. NAT would be a problem for an IPsec device, although with
the right IOS rev you might be able to do it directly on the
outside cisco.  You also have to arrange for packets headed
to the remote lan to be routed through the CIPE host.  If you
have a 2-nic k12ltsp box, everything behind it will already
be using it as the default route.  My remote endpoints are
mostly smaller offices so most of them are SMEservers that
are also already the default gateway and providing other
services.  Some of the remote offices run email locally
with all the users added to the SMEserver; some just use it
as a VPN and connect directly to the central mail server.

---
  Les Mikesell
   les at futuresource.com




