#1
Hello all, I am new to the forum and would like to get some assistance if possible. I am currently doing a degree in CIS and attempting to complete a project in Internet/network security. I am attempting to develop a method of connecting a single LAN site to a wide area network (with web content server) via the internet.
Is this possible via a VPN? Please explain how I can do this. Any assistance would be greatly appreciated.
#2
I am not quite sure what you are asking - as a rule people usually use a VPN when connecting 2 networks together over the internet.
I need more information on what it is you are trying to achieve to help you. Please try and use some examples. Thanks
#3
Okay, here it is. I am developing a LAN at a school with its own server and 30 clients. A single Cisco Catalyst C2950G-48-EI Gigabit switch for the internal network. I am using a Cisco 3640A 4 Slot Modular Router - AC w/IP SW for the connection of the LAN to the internet.
However, the LAN is to be connected to a regional mainframe via the internet. This regional mainframe system is then connected to a national database and archiving facility. What I need to know is how best this can be done and what technology can be implemented for the LAN to regional mainframe facility. I was wondering if the LAN to regional can be done via VPN? Your assistance would be greatly appreciated. Thank you.
#4
Yes, this can be done and is done quite often. You need firewall IOS on your router or a PIX or a VPN concentrator (just staying with the Cisco stuff here), and the remote site would need some sort of VPN-capable system also (FireWall-1, PIX, concentrator, IOS firewall, whatever). Let's say you use a PIX behind your router: you would specify in an ACL for interesting traffic to go through the IPsec tunnel to the mainframe, and all other traffic goes out unencrypted to the internet. As well, you would create an ACL not to NAT the connected networks and only NAT/PAT the internet traffic, as well as an inside ACL only permitting your devices to connect to the mainframe's IP address and nothing else in the remote network, and vice versa.
If you like, tell me if you are using the firewall IOS or PIX, the network IP schemes and the IP address of the mainframe and I'll write out the config and post it for either of those so you can see what I'm talking about.
Last edited by juniperr: July 17th, 2004 at 09:53 AM.
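The policy described in post #4 (interesting-traffic ACL, NAT exemption, and an inside ACL limited to the mainframe), modelled as an added example that is not part of the thread or the poster's own config. All addresses and the function names `outbound` and `inbound` are constructed assumptions; the thread gives no IP scheme.

```python
import ipaddress

# Constructed addressing for illustration (assumptions, not from the thread).
SCHOOL_LAN = ipaddress.ip_network("192.168.10.0/24")   # inside network
REMOTE_NET = ipaddress.ip_network("10.50.0.0/16")      # regional site
MAINFRAME = ipaddress.ip_address("10.50.1.20")         # only permitted remote host


def outbound(src: str, dst: str) -> tuple[str, str]:
    """Decide what happens to a packet arriving on the inside interface.

    Returns (path, translation): path is 'tunnel', 'internet' or 'drop';
    translation is 'no-nat', 'pat' or '-'.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in SCHOOL_LAN:
        return ("drop", "-")            # inside ACL: only our own devices
    if d == MAINFRAME:
        return ("tunnel", "no-nat")     # interesting traffic + NAT exemption
    if d in REMOTE_NET:
        return ("drop", "-")            # nothing else in the remote network
    return ("internet", "pat")          # everything else leaves unencrypted


def inbound(src: str, dst: str, decrypted: bool) -> str:
    """Decide whether a new connection arriving from outside is allowed.

    'decrypted' is True when the packet came out of the IPsec tunnel.
    Models new inbound connections only; replies to PAT'd internet
    sessions are assumed to be handled by the firewall's state table.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in REMOTE_NET and not decrypted:
        return "drop"                   # remote-site source seen outside the tunnel
    if decrypted and s == MAINFRAME and d in SCHOOL_LAN:
        return "permit"                 # the 'vice versa' rule
    return "drop"                       # default deny


if __name__ == "__main__":
    for pkt in [("192.168.10.15", "10.50.1.20"),
                ("192.168.10.15", "10.50.1.21"),
                ("192.168.10.15", "93.184.216.34")]:
        print(pkt, "->", outbound(*pkt))
```

Running a few constructed flows through both functions before writing the real ACLs helps confirm that the crypto ACL and the NAT-exemption ACL match exactly the same traffic, which is the usual source of tunnels that come up but pass nothing.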
#5
Hello Juniperr, Well I must say that a lot of what you are talking about is new to me. I am a student and doing this as an assignment for a degree course.
Anyhow, this is my configuration (hardware). My connection from LAN to remote site is built up around the Checkpoint VPN1-FW1 and using the Cisco 837 ADSL router; yeah, I changed the config from earlier because of cost restraints. I intend to use the McAfee enterprise-wide solution for AV and IDS. The router would do some packet filtering as well as the FW. The rules for HTTP traffic would be set on the firewall as well as transmitted through the VPN via encrypted codes. All users would be given specific access rights and access levels according to the subject area (this is a WAN for schools). I am attaching a copy of my DMZ diagram to show what I am planning to do. You would have to expand the diagram to view. Please tell me if this is making any sense and if it would be secure. Your assistance is very much appreciated and thank you.