Multiple VPN Connections?
iztok at si-con.com
Tue Feb 8 09:49:59 EST 2005
> I am a newcomer to using VPN in any environment other than the Windows
> desktop, so please forgive my ignorance.
VPN is just a form of network. It is just Virtual and Private ;)
> Assume we are talking about IPSec VPN connections that may be from
> different, non-interoperable VPN solution vendors. Also assume we are
> using non-public IP addresses (10.x.x.x) in our production environment and
> that this is also the case on the remote networks. In short, assume all
> the worst possible conditions and that we have no control over the remote
If both sides are using the same, you need to NAT to a public IP
address first, then VPN. No way around it, as if the host appears to be local, it
simply won't work. Routing has to take place.
If both sites support IPSec then you should be able to establish
site-to-site VPN w/o major issues. Most vendors have so-called
"interoperable" devices supported. IPSec is a good standard. I had various
combinations of FreeSWAN, CheckPoint, Cisco ... VPNs (all speak IPSec)
working in the past.
> What are the essential steps/components to establishing and maintaining
> multiple client VPN connections on a Windows host that is functioning as
> an Apache-Tomcat web application server with applications that need
> real-time access to database servers on the remote networks?
You should not think of it as client VPN. You should think of it as
site-to-site VPN. A network gateway for this. Otherwise you will end up in a
mess. Most clients can't talk to other vendors and/or even coexist on the
> Do we need to go to each VPN solution vendor for client side software?
No, as I stated earlier, you need to have peer network VPN.
> Do we need gateway hardware/software that will provide connection
> isolation and address translation?
A VPN gateway is a must for such an installation.
> Can you recommend good sources for further research on these or other
Yes, your VAR should be able to help with it. If you can't find one that
will fit, I can either suggest one to you or (shameless commercial plug here,
sorry) I can architect a solution for you.
Your solution might be simple or a major network architecture has to be done
and implemented. It just depends on input variables. Hard to tell with
the limited info you provided.
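
The address-overlap problem discussed in this thread, as an added planning sketch that is not part of the original post: it flags remote subnets that collide with the local 10.x network (or, going slightly beyond the post, with another remote site) and assigns each a 1:1 NAT block. All site names and subnets are constructed, and 198.51.100.0/24 (an RFC 5737 documentation range) stands in for whatever public address block the gateway would actually translate into.

```python
import ipaddress

# Constructed sample data (assumptions, not from the post).
LOCAL_NETS = ["10.0.0.0/16"]
REMOTE_SITES = {
    "site-a": ["10.0.5.0/25"],    # collides with our own 10.0.0.0/16
    "site-b": ["10.20.0.0/24"],   # unique, can be routed as-is
    "site-c": ["10.20.0.0/25"],   # collides with site-b
}
NAT_POOL = "198.51.100.0/24"      # placeholder for a real public block

def plan_site_nat(local_nets, remote_sites, pool):
    """Map (site, real_subnet) -> None if routable as-is, or the equal-sized
    block it must be translated to before traffic enters the tunnel."""
    in_use = [ipaddress.ip_network(n) for n in local_nets]
    pool = ipaddress.ip_network(pool)
    allocated, plan = [], {}
    for site, nets in remote_sites.items():
        for raw in nets:
            real = ipaddress.ip_network(raw)
            if not any(real.overlaps(n) for n in in_use):
                in_use.append(real)          # unambiguous route, no NAT
                plan[(site, real)] = None
                continue
            if real.prefixlen < pool.prefixlen:
                raise ValueError(f"{real} is larger than pool {pool}")
            # First free block of the same size keeps the mapping 1:1.
            for cand in pool.subnets(new_prefix=real.prefixlen):
                if not any(cand.overlaps(a) for a in allocated):
                    allocated.append(cand)
                    plan[(site, real)] = cand
                    break
            else:
                raise ValueError(f"NAT pool exhausted at {site} {real}")
    return plan

def translate(addr, real, mapped):
    """Address the local application uses to reach a remote host,
    preserving the host part of the real address."""
    addr = ipaddress.ip_address(addr)
    if addr not in real:
        raise ValueError(f"{addr} is not inside {real}")
    return mapped.network_address + (int(addr) - int(real.network_address))

if __name__ == "__main__":
    for (site, real), mapped in plan_site_nat(
            LOCAL_NETS, REMOTE_SITES, NAT_POOL).items():
        print(f"{site:7} {str(real):15} -> {mapped or 'route as-is'}")
```
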