Firewall Wizards mailing list archives
VPN endpoints
From: hermit921 <hermit921 () yahoo com>
Date: Tue, 24 Aug 2004 10:36:43 -0700
We are planning to put a VPN endpoint at our site for remote access. We know nothing about the remote client computers, we just provide an authentication mechanism for the users. The question concerns where we put the VPN endpoint on our network.
I figure it this way: 2 VPN device interfaces, either of which can go outside the firewall, on a DMZ, or inside the firewall. That gives us 9 possible arrangements, some of which are ridiculous, but fun to consider. We came down to two configurations.
One approach is putting the internal interface on a DMZ. The other approach is to have the VPN bypass the firewall entirely. I am looking for advice on which approach is better, and reasons why.
hermit921 _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- NAPT - NAT Port selection ravivsn (Aug 20)
- RE: NAPT - NAT Port selection Bill Royds (Aug 20)
- RE: NAPT - NAT Port selection Orca (Aug 22)
- Re: NAPT - NAT Port selection Srini (Aug 22)
- VPN endpoints hermit921 (Aug 25)
- Re: VPN endpoints Kevin Sheldrake (Aug 26)
- Re: VPN endpoints Mason Schmitt (Aug 26)
- VPN endpoints hermit921 (Aug 25)
- Re: NAPT - NAT Port selection Devdas Bhagat (Aug 22)
- Re: NAPT - NAT Port selection Harald Welte (Aug 25)