[fw-wiz] VPN endpoints
From: hermit921 (hermit921_at_yahoo.com)
Date: 08/24/04
- Previous message: Harald Welte: "Re: [fw-wiz] NAPT - NAT Port selection"
- In reply to: Srini: "Re: [fw-wiz] NAPT - NAT Port selection"
- Next in thread: Kevin Sheldrake: "Re: [fw-wiz] VPN endpoints"
- Reply: Kevin Sheldrake: "Re: [fw-wiz] VPN endpoints"
- Maybe reply: anyluser: "RE: [fw-wiz] VPN endpoints"
- Reply: Mason Schmitt: "Re: [fw-wiz] VPN endpoints"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <firewall-wizards@honor.icsalabs.com> Date: Tue, 24 Aug 2004 10:36:43 -0700
We are planning to put a VPN endpoint at our site for remote access. We
know nothing about the remote client computers, we just provide an
authentication mechanism for the users. The question concerns where we put
the VPN endpoint on our network.
I figure it this way: 2 VPN device interfaces, either of which can go
outside the firewall, on a DMZ, or inside the firewall. That gives us 9
possible arrangements, some of which are ridiculous, but fun to
consider. We came down to two configurations.
One approach is putting the internal interface on a DMZ. The other
approach is to have the VPN bypass the firewall entirely. I am looking for
advice on which approach is better, and reasons why.
hermit921
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Harald Welte: "Re: [fw-wiz] NAPT - NAT Port selection"
- In reply to: Srini: "Re: [fw-wiz] NAPT - NAT Port selection"
- Next in thread: Kevin Sheldrake: "Re: [fw-wiz] VPN endpoints"
- Reply: Kevin Sheldrake: "Re: [fw-wiz] VPN endpoints"
- Maybe reply: anyluser: "RE: [fw-wiz] VPN endpoints"
- Reply: Mason Schmitt: "Re: [fw-wiz] VPN endpoints"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
