RE: [fw-wiz] vpn end-point

From: Dave Piscitello (
Date: 03/19/04

    To: paul <>, "Claussen, Ken" <>
    Date: Fri, 19 Mar 2004 08:40:51 -0500

    My experience as well. People tend to size access routers to perform
    according to the WAN access connection rate.

    I am surprised no one mentioned that terminating VPN at the firewall lets
    you distinguish VPN traffic from all other traffic routed through the
    firewall (without topological or addressing finagling), and protects VPN
    traffic to the security policy enforcement point, e.g., across the "DMZ"
    you have between the router and firewall (unless the router-firewall link
    is a crossover cable, it's a network, and I've seen people throw IDS/IPS,
    performance analysis devices, and gee, how about a web server there - and
    that's only the list of systems they learn about).

    At 05:12 PM 3/18/2004 -0500, paul wrote:

    >This is the opposite of my experience. I've yet to see a router with
    >enough CPU to do 3DES and handle significant traffic at the same time.

    firewall-wizards mailing list
