[c-nsp] Remote Parking Gates VPN to Campus Network with 3G

Luan Nguyen luan at netcraftsmen.net
Tue Apr 13 10:29:54 EDT 2010


You could use EZVPN client on those 880 ISRs if you choose to go the
"client" way.
From what I heard, it's hard to get ASA these days. If I am in your shoes, I
would use dual ISR2 routers (for redundancy) such as 2911 instead of ASA and
880s to form a dual hub DMVPN/IPSEC cloud.
30 CPEs DMVPN shouldn't be a concern provisioning/managing wise.


-----------------------------------
Luan Nguyen
Chesapeake NetCraftsmen, LLC.
---------------------------------


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of schilling
Sent: Tuesday, April 13, 2010 10:09 AM
To: cisco-nsp
Subject: [c-nsp] Remote Parking Gates VPN to Campus Network with 3G

We have a project of connecting 30+ remote parking gates to our PCI
private network (MPLS L3VPN in our case). These parking gates will not
have direct ethernet connection, nor within our campus wireless
coverage. So we are thinking of using 3G cellular network like Verizon,
ATT etc to have network connection, then using VPN to tunnel the
traffic from these gates to our existing PCI private network.

If we have a dedicated ASA, we could do LAN-to-LAN tunnel with either
Cisco ISR 880 3G or any Digi WAN VPN family, but we are concerned
about the provisioning and managing over 30 LAN-to-LAN tunnels. And
shared ASA will not be able to isolate the traffic to PCI private
network.

Is there any device which can do integrated VPN client and 3G? EOS
Cisco 3002 VPN hardware client could do the first requirement, but not
the second one.
3G requirement is obvious. The reason for integrated VPN client is for
easy management and traffic steering. If we can have a VPN client on
the device to initiate a VPN connection to our Cisco VPN server, then
NAT LAN connection thru the obtained VPN address, we just need a VPN
group for all of these parking gates. If we use LAN-to-LAN tunnel,
then the management overhead is much higher compared with VPN client.
Doing VPN client, we can use our existing VPN server to steer the
traffic thru the MPLS L3VPN for PCI client with PIX/ASA: Multiple VPN
Group Clients to use Different VLANs after Connecting to a Security
Appliance Configuration Example.

Any thought on any device with integrated VPN client and 3G? Or what
will you do with similar project?

Thanks,

Schilling