Best design solution VPN for Central/branches

Hi all

I would like your comments on the design of a VPN solution that takes the following into account:

Right now, the customer has a single office. I will be putting in place a Cisco 1811w for them, and its main functions will be wireless, firewall with CBAC, and EZVPN server access.

The EZVPN server function will be implemented so that employees with laptops can work from home.

In the near future, there will be about 4 branches in operation.

A static IP address is available for the main office, but I'm not sure whether static IPs will be available for the branch offices once they are established (there is a 50/50 chance).

There will be an Active Directory server in the central location and will be accessible from the branches.

My question is - given the uncertainty in the branches having a static IP - what is the best way to implement the VPN to connect them to the branch?

Each branch will have an installed Cisco 831.

Is EZVPN viable, given the above requirements?

Is it possible to put in place the 831s as EZVPN clients without XAUTH, all while keeping XAUTH for employees using EZVPN clients?

If this does not work, XAUTH might have to.

Or, given the situation, would you opt for DMVPN? Unfortunately I do not know too much about the technology for now. What are the advantages / disadvantages of its use, if it is an appropriate solution for this scenario?

Thank you all in advance for your comments!

Sean

I think that you need to use network extension mode (configured in the vpngroup) instead of client mode. Just make sure that each office uses a different, non-overlapping address space.

Tags: Cisco Security

Similar Questions

  • What is the best vpn for OS 10

    What is the best VPN for my MacBook Pro running Yosemite

    The question really doesn't make much sense.

    A VPN is not something that you install on a computer. It's a service that you connect to, as such, there is no better for a specific type of computer.

    What exactly do you need to accomplish with a VPN?

    Usually, a VPN is used to connect to a remote network and use its resources, such as printers and servers, as if you were connected locally to them.

  • Design of network for a shared Business Center

    Hello

    I was asked to design a new shared business center network, but I need help.

    The scope is:

    -a building, access Internet 1

    -15 private offices

    -each Board can have up to 4 LAN connections

    -each office can have its own VLAN (with Internet access)-max of 15 VLANs online

    -some offices can be merged (1 VLAN for many offices)

    -VLAN only have access to the Internet, but must be strictly isolated from others

    -DHCP must be available for each VLAN

    -WiFi must be available everywhere, but each user can connect only to their own VLAN (ID and PW provided)

    -management of connectivity and VLAN must be as simple as possible (GUI)

    What do I need to implement this configuration?

    Thanks in advance for your help.

    Hello

    At a high level, you might want a switch that supports VLANs to connect and separate all individual offices. You could master this (3750/3560) switch to a Cisco ASA firewall, which, in turn, you may have interfaces on the trunk, a link on the side of the ASA, 1 for each VLAN configured. Security ACLs could be applied to each subinterface, and a DHCP server for each VLAN can be configured on the ASA also. I would be not actually laid the present and let tenants handle their own LAN "each office can have its own VIRTUAL LAN". This would add unnecessary complexity.

    Wireless, can be as sophisticated as the installation of a wireless LAN Controller and several APs for centralized management of the APs. You can assign identifiers VLAN to different BSSIDs. Or you can use 1-2 Points of access and manage them individually. Cisco Aironet 2600 has GUI and allow VLAN tags by SSID. A site for the wireless range would be necessary.

    Having installed some of these types of networks, the above is all very high-level and depends on specific requirements, but should be a good starting point for you.

    Regards

    Stephen

    ==========================
    http://www.rConfig.com

    A free, open-source network device configuration management tool customizable for your needs!

  • Is there really a Cisco VPN client for Linux? _Really?_

    Hello people,

    I finally after almost a brain aneurysm trying to think too hard I have my Cisco 881 - SEC - K9 router configured properly for a multi-point my Amazon Virtual Private Cloud IPSec VPN tunnel, so that the obstacle is finally spent, and I think that it has been a very important step in my life somehow. I never thought I'd see the day, I actually got my hands on a legitimate Cisco non - stink... uh... I mean, non-linksys router. Now I can't find a "client" VPN for Linux program. I am running a Xen Hypervisor environment on openSUSE Linux because it is the only Linux distribution that fills all my laborious requirements in a Linux server environment. It is also the most mature and sure Linux on this planet, making it the most significant Linux distribution for my research needs.  Using NetworkManager is not really an option for a Linux based server environment and OpenVPN is just too complicated to understand for my little tiny head.  I've heard of some mysterious "easy VPN", but after that hours of digging online there is no information on this subject, even the Cisco download link leads to a Page not found error.  I see a Linux VPN API for the AnyConnect program, but is it a real VPN client, or just an API?  It seems to want my money to download it, but I have no money nor I really know what it is because it's all closed, the secret-like source and I can not even find a simple README file on him explaining what it is exactly.  I'm just a developer of off-work software attempts to connect to my home for personal use router and I can not really afford to more than $ 1 million for a single program I will only need to download once in my life that should have been included with the router in the first place of the fork. 
I have that more volunteer will probably not yet able to understand how to use the program when even because I don't know anything about VPN connections, that's why I bought this router so I can try to figure it all out as part of the open source nonprofit, research, I am currently conducting.  Is there some sort of period of evaluation or trial for personal use? Which would be really good if I could at least know if I will be able to understand or not.  I hate throwing money when it is in such a shortage these days. Is there really no alternative to a Cisco router.  It is an absolute necessity for the things I'm trying to accomplish, so try to settle for something else and past with my life isn't really an option. No, it's something that I just need to raise its head on and finish.

    I may be a little too crazy in me for my own good, but I don't see why it should take so much money just to learn to do something for personal use, it is not really a skill that I would never use otherwise.  Wouldn't be great if Cisco did their VPN client open-source and free for the public to use and modify, improve, learn and to grow and bring the whole world together in a community? Even the source code to the discontinuous old Cisco VPN client could be used as a tool for learning valuable for some poor student hungry or developer of Open Source software somewhere trying to cope with Sauce and Ramen noodles noodles Ramen on toast (don't tell me you've never thought about it).  With the ripple effect, it would significantly improve sales over time, because it would open the door to a whole new market where could those who previously could not afford to participate now. That's the real power of Open Source. It creates a more skilled workforce for the future by contributing openly and share knowledge. What happens if the next big internet technology and the solution to the global tyranny - the solution to end all wars forever - locked in the mind of a software developer to unemployment, which could not afford to upgrade their software to router from cisco or access the software they need because he was source closed and required engage in a costly to download service contract?  It would be just terrible, wouldn't it?  I guess there is no way to ever know for sure. I guess I'd be as happy if a kind soul out there could tell me an alternative easy to use for one always on the VPN connection that is running in the background that does not require NetworkManager or having to spend days days searching in and trying to figure out some really poor or extremely complex documents?  I apologize for all the sentences run on posed as a question, but just a few serious mental exhaustion of this, being unemployed is a few people from hard work. I really could use a vacation. 
    Maybe a camping trip on the coast is in order after I get this job; that sounds nice, doesn't it? Nothing like a summer storm on the beach by the ocean, away from technology, to refresh the mind.

    I won't step into all the discussions in there, but you might want to look into vpnc and openconnect.

    These are two open-source projects that seem to work with Cisco devices; I've been a user of vpnc for a long time.

    http://www.infradead.org/openconnect/

    http://www.UNIX-AG.uni-kl.de/~Massar/vpnc/

    Looks like some of your questions and concerns should be directed to your Cisco rep.

    There is an AC client for Linux (GUI and CLI components). If you have problems finding it, get it from the 'package' (for Linux) file, which is essentially a zip.

  • Design of database for a helper.

    Hello does anyone know
    Design of database for a helper.
    ERD
    Features and business rules
    ?

    The best way to approach a database design is to write a specification for the application. The document, which deals with the assistance of technicians will do. In the process of determining what pieces of information, they work with. When you have written a complete specification, you can then start to group the items of information they work with. For example, a ticket can have a number, status, priority, and a person it is assigned to. The person to whom the ticket is assigned will have a name, phone number, email address and a list of technical skills.

    So in this excessively simplified example, we might have a table that contains the ticket information, a table that contains information about the technicians and an array of skills. Then ask questions such as "Can a ticket be handled by more than one technician?", "Can a technician manage more than one ticket?", "Can a technician have several skills?" In this way, you can begin to see the one-to-one, one-to-many and many-to-many relationships that exist.

  • who is the best 4 db Trigger for auto-differentiels?

    Hello

    Who is the best 4 db Trigger for auto-incrementielle of an id ...?
    With the help of a sequence and the sequence of call in an insert...
    Or by using the following code:
    ----------------------------------------
    SELECT NVL(MAX (SCDEDULE_ID+1),0)
    INTO V_SCDEDULE_ID
    FROM INSP_DAILY_SCHEDULE ;
    EXCEPTION
    when NO_data_found then null;
    WHEN OTHERS then null;
    END;
    or both are the same thing... ?

    Pls advice me..... !

    Kind regards

    Abdetu...

    As already mentioned, you should definitely use sequences, because they are the only mechanism that works in multi-user environments. Each user will receive a different schedule_id, whereas with the nvl-max method two sessions running at the same time will acquire the same schedule_id. You can of course lock the entire table to work around this problem, but that leads to scalability issues. Sequences are also faster, as can be seen in the following example:

    SQL> create table insp_daily_schedule
      2  ( schedule_id number primary key
      3  , other_columns varchar2(100)
      4  )
      5  /
    
    Tabel is aangemaakt.
    
    SQL> create sequence myseq
      2  /
    
    Reeks is aangemaakt.
    
    SQL> create package schedule_api
      2  as
      3    procedure add_daily_schedule_nvlmax
      4    ( p_other_columns in insp_daily_schedule.other_columns%type
      5    );
      6    procedure add_daily_schedule_sequence
      7    ( p_other_columns in insp_daily_schedule.other_columns%type
      8    );
      9  end schedule_api;
     10  /
    
    Package is aangemaakt.
    
    SQL> create package body schedule_api
      2  as
      3    procedure add_daily_schedule_nvlmax
      4    ( p_other_columns in insp_daily_schedule.other_columns%type
      5    )
      6    is
      7      l_schedule_id insp_daily_schedule.schedule_id%type;
      8    begin
      9      select nvl(max(schedule_id),0)+1
     10        into l_schedule_id
     11        from insp_daily_schedule
     12      ;
     13      insert into insp_daily_schedule
     14      ( schedule_id
     15      , other_columns
     16      )
     17      values
     18      ( l_schedule_id
     19      , p_other_columns
     20      );
     21    end add_daily_schedule_nvlmax
     22    ;
     23    procedure add_daily_schedule_sequence
     24    ( p_other_columns in insp_daily_schedule.other_columns%type
     25    )
     26    is
     27    begin
     28      insert into insp_daily_schedule
     29      ( schedule_id
     30      , other_columns
     31      )
     32      values
     33      ( myseq.nextval
     34      , p_other_columns
     35      );
     36    end add_daily_schedule_sequence
     37    ;
     38  end schedule_api;
     39  /
    
    Package-body is aangemaakt.
    
    SQL> set timing on
    SQL> begin
      2    for i in 1..10000
      3    loop
      4      schedule_api.add_daily_schedule_sequence(lpad('*',100,'*'));
      5    end loop;
      6  end;
      7  /
    
    PL/SQL-procedure is geslaagd.
    
    Verstreken: 00:00:00.93
    SQL> /
    
    PL/SQL-procedure is geslaagd.
    
    Verstreken: 00:00:00.92
    SQL> /
    
    PL/SQL-procedure is geslaagd.
    
    Verstreken: 00:00:00.92
    SQL> begin
      2    for i in 1..10000
      3    loop
      4      schedule_api.add_daily_schedule_nvlmax(lpad('*',100,'*'));
      5    end loop;
      6  end;
      7  /
    
    PL/SQL-procedure is geslaagd.
    
    Verstreken: 00:00:01.32
    SQL> /
    
    PL/SQL-procedure is geslaagd.
    
    Verstreken: 00:00:01.68
    SQL> /
    
    PL/SQL-procedure is geslaagd.
    
    Verstreken: 00:00:01.32
    

    The only argument that can be given for the nvl-max method is that it is database independent, while sequences are used by Oracle only as far as I know. But since database independence should never be a goal, because it leads to poor applications and poor database design as you can only use features that every database has, this argument hardly has any value.

    Kind regards
    Rob.

  • What is a good VPN for Mac and iOS client?

    I want to identify a strong product of VPN for Mac and iOS.  I want something that is easy to install and maintain, and it's effective.

    Thank you

    This depends a lot on what you're trying to accomplish. Can you elaborate on why you think you need one?

  • What is the best protector of screen for iPhone 6 s Please?

    What is the best protector of screen for iPhone 6 s Please?

    Anyone who has a type of glass

  • SOLUTION: Get Win 7 printer drivers/HP Solution Center for work on Windows 8

    Took me some time to understand it, but I managed to do the work.

    First of all, the preliminaries:

    I have a laptop HP dv9700t running the 64-bit version of Windows 8 Pro RTM (not the preview, but I guess it will work as well on the preview).  My printer is a HP Photosmart C7280.  If you have a different printer, it is possible that something similar to how I solved my problem will help you, especially by running your installation in Windows 7 Compatibility Mode files.

    Windows 8 is provided with printer C7280 stock drivers that work by going to control panel > printers and devices > add a printer, but there is only limited to those features.  As such, I wanted to run the HP Setup files have increased functionality.

    Unfortunately, when I run the full installer of HP for my printer, there was no button 'Install a printer', or one of the other usual buttons.  There was only one button "quit".

    Here's how to let him run and install correctly.

    Right click on the HP full installation file, then properties > compatibility > then check the box "run this program in compatibility mode for:", select "Windows 7" in the drop-down list box, then click on 'OK'.

    Run the installation file as you would normally in Windows 7.

    I tried this two ways... first when you're connected via a USB cable.  It works perfectly without error.

    I also tried with the printer connected to the network via WiFi.  A few problems.

    The installation program detects my printer very well, and I clicked 'Next' or 'OK' or whatever the prompt was to install the printer.  The installation would hang 'Response of SNMP' (or something similar) and it would list the IP address of my printer.  I waited, waited, waited for an hour, and it would not go beyond that.  Not to worry.

    Proceed with the normal installation until you get the message 'Response of SNMP' and the installation fails.

    Enter with CTRL-ALT-DEL Task Manager.  You will see an entry in the 'Apps' to the installer of HP... DROP.

    Below the "Apps" list, you will see the list of "background processes".  In this list is something along the lines of "HP Network Interface user", or something similar, consuming a significant amount of CPU.  Highlight this entry and click "End task" downstairs.

    The "SNMP" window closes and your installer will end then normally and your printer/fax/scanner will be installed correctly.  HP Solution Center works normally, like printing, scanning, etc.

    The next person who uses that will give a few comments and also answer a few questions for me so I can update this post with more specific information?

    Please let me know what is the exact "SNMP" message when the installation is blocked.  Please let me also know that the exact name of the background process "HP Network User Interface" is, and the name of app Installation HP.

    I hope this will help you.

    Glad to hear that a form any of my solution works for others.

  • What is the best browser to use for a home user?

    What is the best browser to use for a home user,

    original title: browser

    It's really a matter of personal preference. There are Firefox, Chrome, Safari and many more. They have differences, but as long as you have a decent security program, it is really important that you use. Try a few and see what you think. They are easy to install and easy to remove. Most will import your Favorites during the installation.

  • where can I download center solutions HP for 32-bit vista and the deskjet all in a f 2180

    Hello

    where can I download center solutions HP for 32-bit vista and the deskjet all in a f 2180

    Hi dredgard

    You need to download the driver from the link below and the full features software

    http://h10025.www1.HP.com/ewfrf/wc/softwareCategory?OS=2093&LC=en&cc=us&DLC=en&sw_lang=&product=3177562

  • AnyConnect 3.0 supports IPSec VPN for remote access?

    Hello world

    I've read about Cisco AnyConnect 3.0 issues that it supports IPSec VPN for remote access:

    http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-622477_ns1049_Networking_Solutions_Q_and_A.html

    I downloaded and installed the Client AnyConnect Secure Mobility Client 3.0.0629, but I'm not able to get the IPSec VPN works. Also, it has no option to use the previous of Cisco IPSec VPN client PCF files.

    Can someone point me in the right direction to get IPSec VPN AnyConnect 3.0 work?

    Thank you in advance!

    Hello

    AnyConnect supports IPsec from version 3.0, but only in combination with IKEv2.

    There is no option to use a PCF file with it, and the config should be pushed through an AnyConnect profile.

    More information on this:

    http://www.Cisco.com/en/us/docs/security/vpn_client/AnyConnect/anyconnect30/Administration/Guide/ac02asaconfig.html#wp1325361

    You should also change the ASA config so that it accepts IKEv2 negotiations:

    http://www.Cisco.com/en/us/docs/security/ASA/asa84/configuration/guide/vpn_ike.html#wp1144572

    Kind regards

    Nicolas

  • Access remote vpn for the cisco1841

    Hi all

    Can I have an example configuration of a vpn for remote access to work for cisco router 1800 series?

    My cisco 1800 series router already a site to site vpn, so can I still set up a vpn for remote access using the existing IKE policy?

    Is it true that cisco router do support 1 IKE policy? Pls advise. Thks in advance.

    what you have is correct

    the authentication line that you mentioned indicates that we use local user database authentication

    If you have an external AAA server such as TACACS+ or RADIUS, you can specify that instead of local; local is a keyword that indicates local authentication

    your local database would be so user name passwords what ever you store on the router as

    username cisco password cisco

    hope this helps

    If this answers your question please note this as responded to the benefit of users in the community

  • A design of query for the conversion of time difference in days, hours, Minutes

    Hi all

    A design of query for the conversion of time difference of time in number of days remaining remaining hours minutes and rest in seconds. Made this one till now. Please suggest for all modifications, until now, it seems to work very well, kindly highlight for any anomaly.

    WITH data (startdate, enddate, datediff) AS (
      SELECT to_date('2015-10-01 10:00:59','yyyy-dd-mm hh24:mi:ss'), to_date('2015-20-01 03:00:49','yyyy-dd-mm hh24:mi:ss'), to_date('2015-10-01 10:00','yyyy-dd-mm hh24:mi:ss') - to_date('2015-20-01 03:00','yyyy-dd-mm hh24:mi:ss') FROM dual
      UNION ALL SELECT to_date('2015-10-01 10:00:39','yyyy-dd-mm hh24:mi:ss'), to_date('2015-20-01 03:00:40','yyyy-dd-mm hh24:mi:ss'), to_date('2015-10-01 10:00','yyyy-dd-mm hh24:mi:ss') - to_date('2015-20-01 03:00','yyyy-dd-mm hh24:mi:ss') FROM dual
      UNION ALL SELECT to_date('2015-11-01 10:30:45','yyyy-dd-mm hh24:mi:ss'), to_date('2015-11-01 11:00:50','yyyy-dd-mm hh24:mi:ss'), to_date('2015-11-01 10:30','yyyy-dd-mm hh24:mi:ss') - to_date('2015-11-01 11:00','yyyy-dd-mm hh24:mi:ss') FROM dual
      UNION ALL SELECT to_date('2015-11-01 09:00:50','yyyy-dd-mm hh24:mi:ss'), to_date('2015-11-01 10:00:59','yyyy-dd-mm hh24:mi:ss'), to_date('2015-11-01 09:00','yyyy-dd-mm hh24:mi:ss') - to_date('2015-11-01 10:00','yyyy-dd-mm hh24:mi:ss') FROM dual
      UNION ALL SELECT to_date('2015-11-01 08:30:49','yyyy-dd-mm hh24:mi:ss'), to_date('2015-11-01 09:30:59','yyyy-dd-mm hh24:mi:ss'), to_date('2015-11-01 08:30','yyyy-dd-mm hh24:mi:ss') - to_date('2015-11-01 09:30','yyyy-dd-mm hh24:mi:ss') FROM dual
    )
    SELECT
      -- whole days between the two dates
      trunc((enddate - startdate)) days,
      -- fractional day converted to whole hours
      trunc(((enddate - startdate) - to_number(trunc((enddate - startdate)))) * 24) hours,
      -- fractional hour converted to whole minutes
      trunc(to_number((((enddate - startdate) - to_number(trunc((enddate - startdate)))) * 24
        - trunc(((enddate - startdate) - to_number(trunc((enddate - startdate)))) * 24)) * 60)) minutes,
      -- fractional minute converted to seconds
      to_number((to_number((((enddate - startdate) - to_number(trunc((enddate - startdate)))) * 24
        - trunc(((enddate - startdate) - to_number(trunc((enddate - startdate)))) * 24)) * 60)
        - trunc(to_number((((enddate - startdate) - to_number(trunc((enddate - startdate)))) * 24
        - trunc(((enddate - startdate) - to_number(trunc((enddate - startdate)))) * 24)) * 60))) * 60) seconds
    FROM data;

    Thanks for the answers in advance.

    AHA!

    TO_TIMESTAMP expects a string as input, so it first makes an implicit conversion from DATE to a string, in the format of NLS_DATE_FORMAT.

    To convert a DATE to a TIMESTAMP independently of NLS_DATE_FORMAT, use

    CAST ( AS TIMESTAMP)

  • Download Webcenter Imaging Solution accelerator for AP?


    Hi all

    We are seeking to implement the flow of AP automation using Webcenter imagery, please advice the place where to download Webcenter Imaging Solution accelerator for AP?

    Kind regards

    Navin

    Hello

    The AP SA package is not a tested product, you will need to contact "[email protected]" in order to provide an accurate version of it specific to your version of imagery.

    Where is the AXF WebCenter Solution Accelerator content: Imaging and IPM located? (Doc ID 1300913.1)
