6.4 Configuring Multiple Virtual Private Networks
In this scenario, Company A has remote users and two remote offices that must have a secure connection to the company intranet. Company A has the following requirements:
-
Use server-to-server Virtual Private Networks (VPNs)
-
Allow client VPN dialing directly into the VPN server
-
Allow client VPN dialing into an ISP and then connecting to a master VPN server
-
Provide the router with a permanent connection to the Internet
The following Novell BorderManager components are used to implement this scenario, as shown in Figure 6-4:
-
Packet filtering
-
VPN server
-
VPN client
-
Access control
NOTE:In this scenario, on-demand links cannot be used, and a VPN server cannot be located behind NAT.
Figure 6-4 Multiple VPNs
To implement multiple VPNs, Company A must perform the following general sequence of steps:
-
Enable default packet filtering. This denies the default firewall filters, allowing VPN traffic while restricting other traffic.
For more information and packet filtering configuration procedures, see Novell BorderManager 3.9 Installation Guide .
-
Install and configure the remote access software on the master VPN server.
-
Install and configure the master VPN server.
-
Install and configure the slave VPN server.
For more information and configuration procedures, see Novell BorderManager 3.9 Administration Guide
-
Configure the VPN remote client.
-
Enable and configure access control rules allowing users to use the VPN client.
For more information and configuration procedures, refer to Managing Access Control.