[fw-wiz] Integrated VPN/FW Paranoia
- From: "Cary, Kim" <Kim.Cary@xxxxxxxxxxxxxx>
- Date: Mon, 22 May 2006 09:15:47 -0700
Hi all,

Well, for months I've been saying: "When you get the VPN, we'll put it on
its own subnet/vlan behind the firewall." Now, I can see the administrative
pressure coming to use the VPN device (ASA5520) as the firewall and the VPN.
Value engineering, IMO.

If we have to 'restart' the VPN for some reason, I don't want to restart the
firewall. Further, I want the VPN traffic dumped where our IDS can see it
before it goes elsewhere (hence the desire to put it on its own subnet). I
realize I'm somewhat inexperienced here, so any opinions from the list
members would be appreciated.

Would you put an integrated device in front of your class B network and
expect it to both protect (fw) and serve (vpn)?

If you had to support both internal customers using VPN for auth/encrypt
access to 'special' ports related to secured apps as well as remote
customers just trying to use vanilla 'lan' apps would you put your VPN on
the border?

Thanks much!
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards