Configuring Multiple Virtual Private Networks

In this scenario, Acme Company has remote users and two remote offices that must have a secure connection to the company intranet. Acme has the following requirements:

• Use server-to-server Virtual Private Networks (VPNs)
• Allow client VPN dialing directly into the VPN server
• Allow client VPN dialing into an ISP and then connecting to a master VPN server
• Provide the router with a permanent connection to the Internet

The following Novell BorderManager 3.7 components are used to implement this scenario, as shown in the following figure:

• Packet filtering
• VPN server
• VPN client
• Access control

NOTE:  In this scenario, on-demand links cannot be used, and a VPN server cannot be located behind NAT.

Figure 27
Multiple VPNs

To implement multiple VPNs, Acme Company must perform the following general sequence of steps:

1. Enable default packet filtering. This denies the default firewall filters, allowing VPN traffic while restricting other traffic.

   For more information and packet filtering configuration procedures, refer to the packet filtering online documentation.

2. Install and configure the remote access software on the master VPN server.
3. From the server console, install and configure the master VPN server.

   For more information and configuration procedures, refer to Advanced Configuration of Virtual Private Networks.

4. From the server console, install and configure the slave VPN server.

   For more information and configuration procedures, refer to Novell BorderManager 3.7 Installation Guide .

5. Using NetWare Administrator, configure the VPN remote client.
6. Using NetWare Administrator, enable and configure access control rules allowing users to use the VPN client.

   For more information and configuration procedures, refer to Managing Access Control.