We’re looking at replacing some Cisco 2911 routers that are handling Cisco AnyConnect VPN with VyOS.
This will be for around 300 road warriors that connect daily.
The box does not sit directly on the WAN; instead it will have a 1:1 NAT mapping on the edge firewall, and the ports that are needed will be opened. Obviously, for the routing part I just put a static route on VyOS for 0.0.0.0 to go to the closest router, and on the other routers static route the VPN subnet to VyOS.
But the VyOS VM will only have one NIC, since it will be using that for the static NAT mapping. How do I configure VyOS for this case? Also, what about the VPN (we’d like to use one that uses the native Windows client)? We would like to set up authentication to LDAP based on group membership. It’s a single group and there are no subnet security policies based on group; if they are allowed in, they get to any subnets.
Thanks for any guidance; I’m new to VyOS.