[fw-wiz] VPN endpoints

From: hermit921 (hermit921_at_yahoo.com)
Date: 08/24/04

  • Next message: Patrick M. Hausen: "Re: [fw-wiz] Decrypted VPN traffic and access lists on outside interface of PIX"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Tue, 24 Aug 2004 10:36:43 -0700
    
    

    We are planning to put a VPN endpoint at our site for remote access. We
    know nothing about the remote client computers, we just provide an
    authentication mechanism for the users. The question concerns where we put
    the VPN endpoint on our network.

    I figure it this way: 2 VPN device interfaces, either of which can go
    outside the firewall, on a DMZ, or inside the firewall. That gives us 9
    possible arrangements, some of which are ridiculous, but fun to
    consider. We came down to two configurations.

    One approach is putting the internal interface on a DMZ. The other
    approach is to have the VPN bypass the firewall entirely. I am looking for
    advice on which approach is better, and reasons why.

    hermit921

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Patrick M. Hausen: "Re: [fw-wiz] Decrypted VPN traffic and access lists on outside interface of PIX"

    Relevant Pages

    • Re: Remote Desktop & Firewall
      ... Can I use "Remote Web Workplace"? ... >> If I direct the ports of my firewall to a particular IP address, ... > Get a firewall or router that acts as a VPN endpoint and let them VPN ...
      (microsoft.public.windowsxp.work_remotely)
    • Re: please recommend hardware firewall for home/SOHO user
      ... >I am looking for a hardware firewall for home use eg Zywall etc. ... If you don't need the firewall to be a VPN endpoint, ...
      (comp.security.firewalls)
    • Re: Remote Desktop & Firewall
      ... >> Get a firewall or router that acts as a VPN endpoint and let them VPN ...
      (microsoft.public.windowsxp.work_remotely)