Security Basics mailing list archives

Re: VPN vs changing routes


From: chort <chort () amaunetsgothique com>
Date: Tue, 10 Jun 2003 13:07:20 -0700 (PDT)

Routing will only work if the end-user has a direct physical link to the
corporate network.  Somehow the traffic must get from the end-user's
workstation to the corp network.  If they are on broadband, for
instance, the packets would have to go to the local hardware (DSLAM,
etc), through the provider's network (in the clear), to an Internet
peer, and finally into the corp network.  Hopefully you won't just
blindly trust this IP through your firewall, since it's possible for any
hop along the intermediate path to effectively spoof that IP.

Remember, the VPN only makes the next hop *appear* to be the corp. network.
The packets still follow the same path, they're just encrypted until they
reach the terminating point inside the corp. network.  That's why it's
called a Virtual Private Network, the encryption turns a public network
into a virtually private network (transparently to the user).

Perhaps I am misunderstanding the question, but that would appear to be
the difference from my interpretation of your question.

-- 
-chort

On Tue, 10 Jun 2003, Keenan Smith wrote:

All,

Given a single user in a single location with a static IP, besides
encryption, what would be the difference between using a VPN to connect to
the corporate network vs. changing the routing to make the corporate network
the first hop?

It seems to me that the latter combined with a firewall rule and NAT would
function the same way as a VPN without the overhead.

So other than encapsulating all data between the network and the VPN client,
is there any advantage to using the VPN over a change in routing?

Thanks in advance for all the good advice.

KC Smith

~~~Ensuring that suave and debonair sophistication is always a part of IT
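
An added illustration of the point made in the reply above (not part of either poster's message): a toy gateway that compares a firewall rule keyed on the user's static source address with a check of a keyed integrity tag, the way a VPN endpoint authenticates each packet. The `Packet` class, the function names, the address and the payloads are all constructed for this sketch, and HMAC-SHA256 stands in for a real VPN's packet authentication, which would also encrypt the payload.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed value (documentation address range): the user's static IP.
TRUSTED_IP = "203.0.113.10"

@dataclass
class Packet:
    src_ip: str       # header field, written by whoever emits the packet
    payload: bytes
    tag: bytes = b""  # integrity tag added by the tunnel endpoint

def firewall_rule_accepts(pkt: Packet) -> bool:
    """Routing plus firewall rule: trust is based on the source address only."""
    return pkt.src_ip == TRUSTED_IP

def _mac(key: bytes, pkt: Packet) -> bytes:
    return hmac.new(key, pkt.src_ip.encode() + b"|" + pkt.payload,
                    hashlib.sha256).digest()

def tunnel_seal(key: bytes, src_ip: str, payload: bytes) -> Packet:
    """User side of the tunnel: attach a tag computed with the shared key."""
    pkt = Packet(src_ip, payload)
    pkt.tag = _mac(key, pkt)
    return pkt

def tunnel_accepts(key: bytes, pkt: Packet) -> bool:
    """Corporate side of the tunnel: trust is based on the key, not the address."""
    return hmac.compare_digest(_mac(key, pkt), pkt.tag)

def compare_checks() -> dict:
    key = os.urandom(32)  # shared only by the user and the corporate endpoint
    packets = {
        # Sent by the real user through the tunnel.
        "genuine": tunnel_seal(key, TRUSTED_IP, b"GET /payroll"),
        # Emitted by an intermediate hop using the user's address, without the key.
        "forged": Packet(TRUSTED_IP, b"GET /payroll", os.urandom(32)),
    }
    # A genuine packet whose payload was changed in transit.
    g = packets["genuine"]
    packets["altered"] = Packet(g.src_ip, b"GET /admin", g.tag)
    return {name: (firewall_rule_accepts(p), tunnel_accepts(key, p))
            for name, p in packets.items()}

if __name__ == "__main__":
    for name, (by_ip, by_key) in compare_checks().items():
        print(f"{name:8} firewall rule: {by_ip!s:5} tunnel check: {by_key}")
```

The address-based rule passes all three packets, while the keyed check passes only the one sealed by the holder of the key.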


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

