Richard 2004-11-09, 2:45 am
There is an initially bewildering array of VPN implementations (at
least to /this/ VPN novice) - can anyone help me get started with this
scenario by suggesting compatible technologies:
                +----------------+
                | Cisco PIX515e  |
                | as VPN gateway |
                | at remote site |
                +----------------+
                        |
                        |
                    Internet
                        |
                        |
                +----------------+
                | Linux firewall |
                |   NAT router   |
                +----------------+
                        |
                   Private LAN
                        |
               +-------------------+
               | Linux VPN gateway |
               +-------------------+
While I don't have direct control over the cisco device, it can be
configured to my specification, except that only DES is available (not
3DES - for some reason the ISP managing the PIX firewall does offer
the option of connection using stronger encryption technology without
the passing over of a large wad of cash. That's not too much of a
concern initially - I'd just like to see the tunnel up and running to
get started).
The Linux router and firewall can have a dedicated public IP address
for the 'local' tunnel end point if required, using DNAT and SNAT for
returned packets, rather than masquerading. That's about the level I
can define the set-up of the router - I don't have the option of
recompiling the kernel to include DES and IPsec.
The Linux VPN gateway is a box I will have total control over, and
will also be a firewall to prevent the VPN connection being misused
(from either end).
All tunneled traffic is IP. From what I read here, and elsewhere, I
think I need something like L2TP, with IPsec and DES encryption used at
transport layer for security. Initially planning on using shared key
for encryption to keep things simple.
Does that sound like I am thinking along the right lines, and if so,
do you have any pointers to docs on the web, especially when it comes
to the Linux set-up?
Cheers
Richard
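An added example (not from Richard's post, nor from any Cisco or Linux documentation) of the DNAT/SNAT passthrough described above on the Linux NAT router, so that the internal Linux VPN gateway becomes the local tunnel endpoint while the router forwards nothing else. The interface name and all addresses are placeholders; setting IPT=echo prints the rules instead of installing them.

```shell
#!/bin/sh
# Added example (not from the post): pass the IPsec tunnel through the Linux
# NAT router to the internal Linux VPN gateway with DNAT/SNAT instead of
# masquerading. All addresses are placeholders; IPT=echo gives a dry run.
IPT=${IPT:-iptables}

# Usage: vpn_passthrough_rules <public-if> <tunnel-public-ip> <internal-vpn-gw> <remote-pix-ip>
vpn_passthrough_rules() {
    pub_if=$1; tunnel_ip=$2; vpn_gw=$3; pix_ip=$4

    # Inbound: only the PIX may reach the tunnel IP, and only with IKE (UDP 500)
    # or ESP (IP protocol 50); both are rewritten to the internal gateway.
    $IPT -t nat -A PREROUTING -i "$pub_if" -s "$pix_ip" -d "$tunnel_ip" \
        -p udp --dport 500 -j DNAT --to-destination "$vpn_gw"
    $IPT -t nat -A PREROUTING -i "$pub_if" -s "$pix_ip" -d "$tunnel_ip" \
        -p esp -j DNAT --to-destination "$vpn_gw"

    # Outbound: the gateway's own IKE/ESP leaves with the tunnel IP as source,
    # so the PIX always sees one fixed peer address.
    $IPT -t nat -A POSTROUTING -o "$pub_if" -s "$vpn_gw" -d "$pix_ip" \
        -p udp --dport 500 -j SNAT --to-source "$tunnel_ip"
    $IPT -t nat -A POSTROUTING -o "$pub_if" -s "$vpn_gw" -d "$pix_ip" \
        -p esp -j SNAT --to-source "$tunnel_ip"

    # Filter: permit exactly those flows between the two endpoints and nothing
    # else (assumes the FORWARD chain policy is DROP).
    for proto in "-p udp --dport 500" "-p esp"; do
        # word-splitting of $proto is intended here
        $IPT -A FORWARD -i "$pub_if" -s "$pix_ip" -d "$vpn_gw" $proto -j ACCEPT
        $IPT -A FORWARD -o "$pub_if" -s "$vpn_gw" -d "$pix_ip" $proto -j ACCEPT
    done
}

# Run directly with four arguments to install the rules, e.g.
#   sh vpn-passthrough.sh eth0 203.0.113.10 192.168.1.2 198.51.100.1
if [ "$#" -eq 4 ]; then
    vpn_passthrough_rules "$@"
fi
```

Because L2TP (UDP 1701) travels inside ESP in this design, only IKE and ESP need to cross the router; ESP carries no port numbers, so Linux connection tracking can associate it with a single internal host per remote peer, which is sufficient for one VPN gateway.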