Security Basics mailing list archives

Re: Internal VPN Connections


From: "D.N.Vaidya" <dnvaidya () rilinfo net>
Date: Mon, 12 Sep 2005 22:13:18 +0530

One suggestion:

Internet
|
|                                                                                |Servers
Core Router/Switch<--------------->Firewall/VPN Device<-------->L2/L3Switch<---->|Servers
                                                                                 |Servers


If the VPN device and firewall are separate, then put the VPN device after
the firewall, before the servers. I have assumed here that you want to allow the
authorized users to connect to your servers from the Internet via the
Internet.

Hope this will add some value

Sincerely,
D. N. Vaidya ( //)) //\\// \\// )


----- Original Message ----- 
From: "Cam Fischer" <camfischer () gmail com>
To: <security-basics () securityfocus com>
Sent: Sunday, September 11, 2005 9:59 PM
Subject: Internal VPN Connections


I am looking for advice / thoughts on if I should plug the internal
side of my VPN device into my core network or not?

I am reading that I should be doing VPN quarantining (to ensure there
is AV installed on the machine etc). But is there a risk plugging into
the core switch with all my servers, or should I plug into a separate
network?


Internet
|
|
VPN Device -------------> CORE NETWORK <----------SERVERS
                                               |
                                          Switch
                                               |
                                      Other workstations

Am I more vulnerable doing this?

CF


