Network segregation via IPsec gateways?
- From: "Fred F." <fredf4917@xxxxxxxxxxxxxx>
- Date: Thu, 20 Jan 2011 12:55:11 -0800 (PST)
Hi all,
I have the following network set-up:
There is a router with 1 WAN port and 2 LAN ports. I want to deploy
IPsec gateways for both LANs to enforce security, i.e. only encrypted
traffic may enter or leave the LANs through the IPsec gateways. To
further ensure that access from one LAN to the other is not possible,
I would deploy a separate IPsec gateway for each LAN. I am thinking of
deploying IPsec gateways that are physically separated from the
router, as shown in the following sketch:
          +---------------------+        +-----------+
LAN1------|    IPsec gateway    |--------|           |
          +---------------------+        |           |
                                         |  Router   |------WAN
          +---------------------+        |           |
LAN2------|    IPsec gateway    |--------|           |
          +---------------------+        +-----------+
Alternatively, I could deploy the IPsec gateways in the router, saving
me from deploying 2 additional hardware boxes for the IPsec gateways
as shown in the config. above. This could be done by virtualisation of
the IPsec gateways, or by simply implementing a single IPsec gateway
in the router that serves both LANs.
However, my "feeling" is that this may be less secure in terms of
vulnerability to hackers from the WAN or the LAN side (it is a hacker
from LAN1 wanting to achieve access to LAN2) but I am not able to
justify this...
Can anyone share his/her opinion whether the 3 different configs. are
equivalent in terms of security and vulnerability to hacks???? Any
hint on how to assess this is appreciated. Thanks!