Security Basics mailing list archives
RE: VPN architecture for POCKET PC
From: "Gary Freeman" <Gary.Freeman () rci rogers com>
Date: Wed, 1 Dec 2004 10:29:35 -0500
Hi Hassan,

I would place the VPN concentrator into the presentment DMZ and only allow access to the VPN device from ANY using Protocol 50 and UDP 500. Users connecting can get a local address from a routable address pool within your DMZ and then have the VPN assign a routing table to allow them to only access addresses that are on your LAN via the inside interface on the presentment firewall. The second firewall, facing your LAN, can then permit only the VPN pool addresses in and NAT them to services on the inside.

Gary Freeman

-----Original Message-----
From: hassan hani [mailto:amni___ () hotmail com]
Sent: Tuesday, November 30, 2004 1:37 PM
To: security-basics () securityfocus com
Subject: VPN architecture for POCKET PC

We have this architecture in our network:

LAN -------------FW1 ----------FW2------------Internet
                       |
                       |
                      DMZ

We want to implement a VPN for usage only between a server in the LAN and the Pocket PC. The Pocket PC should be connected to GPRS.

My question is: where should the VPN gateway be placed in the architecture above to permit security? How can we be sure that there will be no intrusion?
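The following is an added example, not part of the original thread: a small audit of permit rules against the two-firewall policy described in the reply (only Protocol 50 and UDP 500 to the VPN device on the Internet-facing firewall; only VPN pool sources on the LAN-facing firewall). The Rule format, all addresses and the sample rule sets are constructed assumptions, and inner destinations are treated as the post-NAT LAN addresses.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    """One permit rule; anything not matched is assumed denied."""
    src: str              # source CIDR ("0.0.0.0/0" means ANY)
    dst: str              # destination CIDR
    proto: int            # IP protocol number (50 = ESP, 17 = UDP, 6 = TCP)
    dport: Optional[int]  # destination port, None when not applicable

# Constructed placeholder addressing (assumptions, not from the thread).
VPN_GW = ipaddress.ip_network("192.0.2.10/32")     # concentrator in the DMZ
VPN_POOL = ipaddress.ip_network("192.0.2.128/26")  # pool assigned to clients
LAN = ipaddress.ip_network("10.0.0.0/24")          # inside network
OUTER_ALLOWED = {(50, None), (17, 500)}            # Protocol 50 and UDP 500

def audit_outer(rules):
    """Internet-facing firewall: only ESP and UDP 500 to the VPN device."""
    findings = []
    for r in rules:
        if not ipaddress.ip_network(r.dst).subnet_of(VPN_GW):
            findings.append(f"outer: destination {r.dst} is not the VPN device")
        elif (r.proto, r.dport) not in OUTER_ALLOWED:
            findings.append(f"outer: proto {r.proto} port {r.dport} not needed")
    return findings

def audit_inner(rules):
    """LAN-facing firewall: only VPN pool sources, only LAN destinations."""
    findings = []
    for r in rules:
        if not ipaddress.ip_network(r.src).subnet_of(VPN_POOL):
            findings.append(f"inner: source {r.src} is outside the VPN pool")
        elif not ipaddress.ip_network(r.dst).subnet_of(LAN):
            findings.append(f"inner: destination {r.dst} is outside the LAN")
    return findings

# Constructed sample rule sets, each with one deliberate mistake.
OUTER = [Rule("0.0.0.0/0", "192.0.2.10/32", 50, None),
         Rule("0.0.0.0/0", "192.0.2.10/32", 17, 500),
         Rule("0.0.0.0/0", "192.0.2.10/32", 6, 443)]     # extra port exposed
INNER = [Rule("192.0.2.128/26", "10.0.0.20/32", 6, 8080),
         Rule("192.0.2.0/24", "10.0.0.20/32", 6, 8080)]  # whole DMZ, too broad

if __name__ == "__main__":
    for line in audit_outer(OUTER) + audit_inner(INNER):
        print(line)
```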