I have been working with PacketFence a lot recently, and am very
impressed with the inherent functionality it provides. Having used the
rather "expensive" Enterasys solution in the past, I have been showing
customers that you can get the security needed without the enormous
capital investment!
It works flawlessly using VLAN Isolation with physical Cisco switches
(2950/2960), routers (3550) and firewalls (PIX505E). However, I would
like to move this to the "virtual" environment so that I can take it on
the road and show more of my clients how valuable a NAC solution is to
their overall network security posture, without having to carry the
extra network hardware.
A key aspect of the virtual environment is that in addition to the ESX
virtual switches, I will also connect these virtual switches to Vyatta
Core and use Vyatta as a router, firewall and VPN gateway. I have tried
numerous configuration permutations with VLAN, DHCP and ARP isolation,
but cannot seem to get the VPN clients connecting through Vyatta using
either OpenVPN or PPTP to isolate, register, etc. with PacketFence. I
do see traps being sent to PacketFence, and the nodes show up as
"unregistered" upon connection to the Vyatta VPN gateway; however, the
network it resides on is not isolated from the other nodes.
I have searched endlessly for some information on proper configuration
of PacketFence using DHCP and ARP isolation techniques, but there just
is not much detail posted on how to get this working.
I would appreciate any help in resolving this, and I will certainly post
the final configuration so that others can learn from this as well.
--
*Joel T. Langill*
TÜV FS-Eng ID 1772-09, CEH, CCNA
<http://www.englobal.com/entityoverview/automation/automation.html>