Re: VPN Firewall for new webserver

From: Nate Baxley (nbaxley_at_gmail.com)
Date: 11/09/04


Date: 9 Nov 2004 12:46:49 -0800

Gary <garyd@efn.org.spamsux> wrote in message news:<u1Zjd.75117$R05.72092@attbi_s53>...
> Nate Baxley wrote:
>
> > firewall in front of it. I'm on a fairly tight budget and I have
> > about $100 - $500 to spend on the firewall. I need to allow the web
> > traffic in of course, also FTP and SQL Server access, so port
> > forwarding will be needed. Initially I'll only have one machine
> > behind it but I may add another box later.
>
> The 10 user license version of the Cisco PIX 501 sells for less than
> $300 dollars. You can use PPTP, L2TP, or Cisco's IPsec VPN client to
> connect to the network behind it. If you plan to have more than one
> public IP address and don't want to NAT your systems behind one IP w/
> port forwarding, you could use one-to-one NAT to map a static public IP
> to the static private IP of the server(s).
>
> -Gary

I'm a little new at this. With this one-to-one NAT, would I use one IP
address to access the machine on some ports and another for the other
ports? I guess I'm just wondering how it would work. We do have two
static IP addresses available and I can see some advantages to
reserving one IP for admin purposes and the other for public. Can you
give me a little more explanation? Thanks for the Cisco suggestion. I'll
check it out.

Nate Baxley