Help, I can't think of a way to do this ..... :-(
We have two IPSec "appliances" at work that require known, routable
addresses on their "non-secure" ethernet interfaces.
We want to create a kit engineers can take home for remote IPSec access
into the network from personal cable/dsl connections. Our typical home
networks have a cheapo router running NAT. The router is getting a real
"outside" address from a service provider via DHCP (point "C" in the
drawing). On the inside, we use private addressing (point "B").
The problem is to configure an IPSec appliance with a real address but
connect it via the private address LAN at home. The obvious way to do
this is with a tunnel, so we've managed to scavenge a couple of old
2500s for this purpose...
IPSec cheapo IPSec
appliance -->2500-->router-->ISP-->Internet-->3660-->2500-->appliance
A B C D
Ideally, we want a tunnel from the left side of the left 2500 to either
the 3660 or the right 2500 .... so that we can give the left IPSec
appliance some of our address space. With GRE, however, you have to
specify the endpoint addresses in advance, and of course we don't know
what address the ISP will give one via DHCP ....
After some reading, I _think_ PPPoE, L2F, PPTP, and L2TP won't help us much
Does anyone have any ideas?
Jason
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32057&t=32057
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
