RE: VPN overkill?

• Previous message: Viktorija Almazova: "Re: monitoring utility"
• Maybe in reply to: Ted A: "VPN overkill?"
• Next in thread: Tom Milliner: "RE: VPN overkill?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 16 Nov 2004 21:21:03 -0500
To: "Ted A" <arcturous@hotmail.com>, <security-basics@securityfocus.com>

Hi,

You're right this is a great list. I think a PIX at the remote end will
probably be sufficient. I say probably because you didn't offer too
many details on the scenario. A few questions I would ask are: How
many user's at the remote site, what type of apps., what are they
connecting to, will there be servers at both sites, what type of
bandwidth are we talking about, etc.? Depending on how much traffic
we're talking about you might want to consider offloading the encryption
from the PIX to another concentrator. But like I said a PIX will
probably be sufficient for a lan to lan back to your main concentrator
at the main office.

Tom Szabo

-----Original Message-----
From: Ted A [mailto:arcturous@hotmail.com]
Sent: Tuesday, November 16, 2004 5:17 PM
To: security-basics@securityfocus.com
Subject: VPN overkill?

All,
First off, good fun reading this list. Some really great advice and good

thinkers on here. Thanks for the great questions and great answers.

So here's my issue. I have an IT infrastructure manager who has raised a

requirement I find myself questioning.
We have a goal of connecting a remote office to a central office via a
VPN.
This manager insists that only acceptable way to accomplish this is by
connecting 2 VPN concentrators. I debate this, noting that a PIX should
be
more than capable of handling this connection at the remote office and
the
only place the concentrator is needed is at the central office.
Am I completely off my rocker, thinking that a second concentrator for a

single connection is a little overboard?

Thoughts?
Thanks,
Ted

• Previous message: Viktorija Almazova: "Re: monitoring utility"
• Maybe in reply to: Ted A: "VPN overkill?"
• Next in thread: Tom Milliner: "RE: VPN overkill?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: VPN overkill? ... There will not be any remote application usage. ... It's the base of the basics. ... from the PIX to another concentrator. ... We have a goal of connecting a remote office to a central office via a ... (Security-Basics) Re: VPN overkill? ... I have an IT infrastructure manager who has raised a ... > connecting 2 VPN concentrators. ... > only place the concentrator is needed is at the central office. ... connect back to a PIX at the head office. ... (Security-Basics) Re: VPN overkill? ... > We have a goal of connecting a remote office to a central office via a VPN. ... Cisco pix 506 would be fine, ... > only place the concentrator is needed is at the central office. ... (Security-Basics) Re: when connecting to a pc through Remote Desktop Connection (locally or remotely) local drive is n ... Click Services tab and select Hide All Microsoft Services and Disable ... 40932648-when connecting to a pc through Remote Desktop Connection (locally ... <Subject: Re: when connecting to a pc through Remote Desktop Connection ... I can see pc x's local drives on pc y. ... (microsoft.public.windows.server.sbs) Re: need advice on security scenarios ... you may have trouble until you disable smtp fixup on the PIX. ... > You can get a Watchguard or Sonicwall firewall with a dedicated DMZ ... > The best security scenario for placing the concentrator in relation to the ... >> exception of the VPN concentrator, we don't run any other servers(web ... (microsoft.public.win2000.security)