Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(ASCEND) RFC VPN and Access Solution Comprehesion plus
Hi Everyone,
I apologize if this is wordy but am trying to comprehend what i
am getting
myself into;') Here is the scenario i am setting up a full time
T1 from a
head office over the big I to a series of branch offices running
yet to be
determined access to the Internet. At the head office their will
be a router
either a cisco or a plain old linux solution router statically
routing to
the next router up the web chain. Behind this router is a
firewall with a
dmz running a secure server. Behind this again is a second router
that is
the last point out on the lan. I am planning to VPN using say the
VPN 1010
series box on each of the branches including the hq. Running
IPSEC if possible
the VPN boxes will be the last routers inward if possible. Is
this possible
without causing any problems. Anyways here is where i get
completely lost
on the solution:'( I plan to tunnel thru the internet from branch
to branch
using say ascend to authenticate. Where should the auth servers
live at the
DMZ or connected somehow to the T1 at the tip of the Internet. I
think what
happens here is that people dial in via isp and point their pc to
a branch
static ip where they are authenticated and allowed or denied. Is
this right?
In the mean time if they are denied then they can't enter the
tunnel right?
Are there any diagrams explaining where the radius is to live and
how it
is installed hopefully step by step? Also since ace servers are
planned
for roving users is this the way to go? Where does the Ascend
come into
play and does it provide what i think it does? the head office
will go
something like this is this right and where does the ascend
server live
and what protects it?
DMZ
|
internet-> router-> bastion-> router internal ->lan - ascend?
-ace srv
Thanking you all in advance:')
Regards,
dreamwvr@dreamwvr.com
_______________________________________________________________________
DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES.
Featuring Website Development and Web Strategies of a TOP Developer
<http://www.dreamwvr.com/dreambiz.htm> <mailto:dreamwvr@dreamwvr.com>
"As Unique as the Company You Keep." "===0 PGP Key Available
________________________________________________________________________
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
Follow-Ups:
References: