Vitaly Volkov
Portfolio
Cisco CSR as VPN Hub
Configure a Cisco CSR 1000 and make it a hub for IPSec Site-to-Site VPNs and an L2TP VPN network
Network topology
The tasks were to replace an outdated Nortel Passport 8606 router in the core of a network with new Juniper SRX650 routers, and to move the core router function from the Cisco ASA to the SRX650. Two SRX650 devices were deployed in cluster mode with load distribution between the two nodes. Two Cisco ASAs in Standby Failover mode were placed on the network edge and served as the primary firewall and VPN termination point.
VPN topology
The project goal is to securely connect servers in the on-premise office, in two data centers and in AWS. On each endpoint an IPSec VPN service is configured and tunnels to the other locations are established. strongSwan, an IPSec VPN suite for Linux, is installed directly on the DC servers, while in AWS a dedicated VPN server is deployed. AWS routing is modified to make this server the Internet gateway for the whole AWS infrastructure, including Lambda functions integrated with the AWS VPC. A Ubiquiti EdgeRouter terminates the VPNs on the on-premise side.