A question about remote access VPN

I have a question about VPNs: how would something like accessing a remote private network from your own private network work? Say you have a topology like this:

PC1-----SW1-----R1 R2------HomePC1

PC 1 has a private IP, and R1 has a public IP on its outside interface. Same goes for the home user and its default gateway. Also, assuming both networks are running NAT.

I know you can't access private IPs over the internet, but with a VPN, how would I access SW1 (SVI), or R1’s private inside IP address?

Say I needed to troubleshoot for a user at work, but I’m also working from home. How would I be able to access the company’s private network?

Okay, you need to be sure you got the differences between IPSec site-2-site and remote access VPN sorted out.

For remote access there is a tunnel between the public IP of, in your case, HomePC1 (that would be the home router) and the public IP of R1.

For the RA VPN you need a client on the HomePC1. This establishes a tunnel (these days almost always an SSL tunnel) and gets assigned a private IP from the VPN endpoint. This private IP is from a range that can be routed to the other LAN subnets of, in your case, R1.

Please note that while it is possible to set up Cisco routers as an SSL endpoint, it is rarely done. Your typical VPN endpoint is a firewall.

I believe this is related to the question:

http://www.internet-computer-security.com/VPN-Guide/NAT-T.html

Thanks for the response!

So, if I understand correctly, I would download a RA VPN client, something like AnyConnect or OpenVPN, correct? Then the VPN endpoint (firewall) would give me a private IP address from a range of the company’s private subnet.

Is this correct?

Not really. NAT-T is important for IPSec S2S VPNs. Remote Access VPNs are (these days) typically SSL VPNs.

Yep, that’s about it. There are finer details how you can configure the VPN pool but for the general picture that should do.

Edit: With RA you can configure which traffic should be routed through the tunnel (basically like identifying the interesting traffic for an IPSec VPN). Most companies don’t want your general internet traffic routed through the tunnel and the FW so that is routed through your home network (split tunnel). Only the resources you need to access in the company LAN are routed through the tunnel.
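The split-tunnel behaviour described in the thread, as an added example that is not part of any poster's reply: a small model of the home PC's IPv4 routing table once the RA VPN client is connected, including the case where the home LAN overlaps a company subnet. All subnets and the interface labels (`vpn-tunnel`, `home-lan`, `home-gateway`) are constructed for illustration, and the model assumes plain longest-prefix matching; real clients may also apply metrics or their own rules.

```python
import ipaddress as ip

def build_routes(home_lan, split_include):
    """Client routing table after the RA VPN connects in split-tunnel mode."""
    routes = [(ip.ip_network("0.0.0.0/0"), "home-gateway"),  # general internet traffic
              (ip.ip_network(home_lan), "home-lan")]          # on-link home subnet
    # Company subnets pushed by the VPN endpoint go through the tunnel.
    routes += [(ip.ip_network(n), "vpn-tunnel") for n in split_include]
    return routes

def egress(routes, dst):
    """Longest-prefix match; 'ambiguous' when two interfaces tie on prefix length."""
    addr = ip.ip_address(dst)
    matches = [(net.prefixlen, via) for net, via in routes if addr in net]
    best = max(plen for plen, _ in matches)
    winners = {via for plen, via in matches if plen == best}
    return winners.pop() if len(winners) == 1 else "ambiguous"

def overlap_conflicts(home_lan, split_include):
    """Company subnets whose addressing collides with the home LAN."""
    home = ip.ip_network(home_lan)
    return [n for n in split_include if ip.ip_network(n).overlaps(home)]

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    home_lan = "192.168.1.0/24"
    company = ["10.10.0.0/16", "192.168.0.0/16"]
    routes = build_routes(home_lan, company)
    for dst in ("10.10.5.1",      # e.g. a switch SVI inside the company LAN
                "203.0.113.10",   # an internet host
                "192.168.1.20"):  # exists in both address plans
        print(f"{dst:15} -> {egress(routes, dst)}")
    print("overlapping company subnets:", overlap_conflicts(home_lan, company))
```

With the overlapping `192.168.0.0/16` entry, traffic to `192.168.1.20` stays on the home LAN, so a company host with that address is unreachable through the tunnel even though the VPN is up.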