Security Basics mailing list archives
RE: VPN overkill?
From: "Ted A" <arcturous () hotmail com>
Date: Wed, 17 Nov 2004 02:32:01 +0000
You're right about the details. How incredibly stupid of me. The setup is pretty basic. It's going to be used for after hours backup uploads, and day time file access. Nothing too intensive. Roughly 10 people at the remote site, not more than 2 or 3 accessing resources on the central server at a given time. Yes there will be servers on both ends.
There will not be any remote application usage. It's the base of the basics.
From the initial planning it looks like the baseline bandwidth will be a T1.
The basic setup is:

Remote Lan Server Border Router PIX {internet} Concentrator Router Server Central Lan etc.....

Ted

From: "Thomas F. Szabo" <tszabo () diamondtech net>
To: "Ted A" <arcturous () hotmail com>, <security-basics () securityfocus com>
Subject: RE: VPN overkill?
Date: Tue, 16 Nov 2004 21:21:03 -0500

Hi,

You're right this is a great list. I think a PIX at the remote end will probably be sufficient. I say probably because you didn't offer too many details on the scenario. A few questions I would ask are: How many users at the remote site, what type of apps., what are they connecting to, will there be servers at both sites, what type of bandwidth are we talking about, etc.? Depending on how much traffic we're talking about you might want to consider offloading the encryption from the PIX to another concentrator. But like I said a PIX will probably be sufficient for a lan to lan back to your main concentrator at the main office.

Tom Szabo

-----Original Message-----
From: Ted A [mailto:arcturous () hotmail com]
Sent: Tuesday, November 16, 2004 5:17 PM
To: security-basics () securityfocus com
Subject: VPN overkill?

All,

First off, good fun reading this list. Some really great advice and good thinkers on here. Thanks for the great questions and great answers.

So here's my issue. I have an IT infrastructure manager who has raised a requirement I find myself questioning. We have a goal of connecting a remote office to a central office via a VPN. This manager insists that the only acceptable way to accomplish this is by connecting 2 VPN concentrators. I debate this, noting that a PIX should be more than capable of handling this connection at the remote office and the only place the concentrator is needed is at the central office.

Am I completely off my rocker, thinking that a second concentrator for a single connection is a little overboard?

Thoughts?

Thanks,
Ted