RE: looking for a hub or switch that can connect a VPN and apply firewall rules to all ports



So your clients' Internet traffic doesn't go through the VPN?
(If it did, all the ISP would see is the encrypted tunnel...)

It sounds to me like the clients' Internet traffic is NATted
at the router, and the VPN is irrelevant. So your choices are:

1) Police your own network so the ISP doesn't see things they
shouldn't (*), or

2) Purchase routable address space so each of your clients has
their own visible address. I'm sure the ISP will be glad to
handle the technical details in exchange for a reasonable
monthly charge.


* - This suggestion will rub some folks the wrong way. I'm
guessing that this is a branch office setup with VPN back to
HQ, and that when a client's Internet traffic prompts the ISP
to pull the plug, the whole office loses connectivity to HQ.
So if users cannot limit their use to things compatible with
the needs of the business, the business doesn't provide them
with Internet access -- or a paycheque. Deal with it.

David Gillett


-----Original Message-----
From: Thomas Anderson [mailto:zelnaga@xxxxxxxxx]
Sent: Thursday, August 13, 2009 1:00 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: looking for a hub or switch that can connect a VPN
and apply firewall rules to all ports

Right now, I have maybe 10-20 computers plugged into a VPN
enabled router. Problem with this setup is that if one
computer behind the router does something "bad" all the
computers behind the router suffer the consequences if the
ISP decides to disable the connection, temporarily or
otherwise. Normally, the way to work around this would be to
just get a hub or a switch and connect through that; however,
if that's done, all the computers would have to have VPN
software installed on them, and managing 10-20 computers is
much more of a logistical challenge than managing one router.

The ideal solution, it seems to me, would be a switch that
connects each port, individually, to the VPN. If firewall
rules could be applied universally to all ports, as well,
that'd be helpful.

Any ideas?


