[K12OSN] easy VPN?

Julius Szelagiewicz julius at turtle.com
Sun Apr 25 14:39:24 UTC 2004


On Sat, 24 Apr 2004, Les Mikesell wrote:

> On Sat, 2004-04-24 at 09:58, Julius Szelagiewicz wrote:
> > 	one additional question: how silly would it be to have a single
> > piece of equipment serving as both k12 and cipe vpn device for a small
> > group of users. the network is T1 terminated by cisco 2170, natted with
> > passthrough from public to private addresses.
>
> The load won't be a problem - the blowfish encryption is very
> CPU-efficient.  I have 10 active tunnels terminating on a
> similar box doing other work.  The main issues are routing
> and how often/long the box is down for other reasons. At
> least one of the endpoints must have a public IP address
> although this can be arranged with static nat on the outside
> box. NAT would be a problem for an IPsec device, although with
> the right IOS rev you might be able to do it directly on the
> outside cisco.  You also have to arrange for packets headed
> to the remote lan to be routed through the CIPE host.  If you
> have a 2-nic k12ltsp box, everything behind it will already
> be using it as the default route.  My remote endpoints are
> mostly smaller offices so most of them are SMEservers that
> are also already the default gateway and providing other
> services.  Some of the remote offices run email locally
> with all the users added to the SMEserver; some just use it
> as a VPN and connect directly to the central mail server.
>
Les,
	that gives me hope. If the afternoon doesn't become windy, I
might actually do some work. I'll wail for halp when I get stuck ;-)
thanks, julius




