I have a HQ and 3 branch offices. (Branch A 192.168.1.0/24) (Branch B 192.168.2.0/24) (Branch C 192.168.3.0/24)
The main internet connection is via HQ. (192.168.0.5 ipcop)
My idea is to have an ipcop at each branch and set up a VPN connection to the HQ ipcop. (HQ net 192.168.0.0/24, ipcop 192.168.0.5)
Users on the LAN in a branch connect via VPN to the HQ ipcop proxy to access the internet. No direct access to the internet is allowed via red, only VPN connection traffic to HQ.
Only http traffic is allowed via this VPN. I used bot and blocked all except http and https on the remote site proxy.
I have tested this from one site and it seems to work if browser proxy points to HQ proxy.
We have a gateway on the local network in (branch A) for intranet via telco operator, 192.168.1.1, and then the ipcop, 192.168.1.5.
The ipcop is for internet access only and the intranet is for business use.
If I set the gw on the Windows box to 192.168.0.5, internet works via ipcop (vpn --- vpn) HQ ipcop proxy internet.
The intranet server 192.168.0.240 is not accessible. If I change the gw to 192.168.1.1, the intranet server is accessible but not the internet via proxy.
I did try to enter the 2 gw into WinXP with diff matrix, but as above only 1 option works: intranet access or internet, not both. Only internal IP connections should go via the telco VPN. All external 0.0.0.0 http / https must go via ipcop (branch A) VPN to ipcop HQ and then via proxy out to the internet.
Last problem:
I thought a PC on 192.168.1.0/24 can use ipcop as proxy (no gw needed) and ipcop will pass the http on via VPN to HQ ipcop to access the internet. I cannot get this to work.
Branch A ipcop vpn              branch A telco vpn
ipcop                           cisco router
192.168.1.5/24                  192.168.1.1/24

ipcop HQ vpn                    cisco router
192.168.0.5/24 ____             192.168.0.1/24
       |        |                      |
       |        |                      |
_______|_____   |               _______|___________
192.168.0.0/24  |               192.168.0.251 intr web serv
        RED Internet access
Sorry for the book chapter description.
1. Can this be done?
2. I would appreciate help to solve the 2 gw problem.
3. How to get ipcop A to accept local proxy requests, fwd that to the HQ proxy and then internet. If this works I do not need the 192.168.1.5 gw setting. (I think.....)
PS: I have just installed adv proxy on ipcop A.
My netw diagram is getting garbled