Security Basics mailing list archives

RE: VPN overkill?


From: "Justin Acquaro" <JAcquaro () csmcorp com>
Date: Wed, 17 Nov 2004 10:18:56 -0500

        You should be able to get away with just one concentrator in the
central office and a PIX at the remote site(s). It just seems silly for
the remote office to get a dedicated concentrator if they aren't that
big, plus you don't need to have a separate firewall/router which you
would need if you wanted a concentrator in the remote office. If you
have more than 100 people in that remote office I might see an argument
but for a small office a single PIX firewall VPN system on a single
circuit should prove to be fine.




Justin Acquaro
IT/MIS
Creative Socio-Medics
3500 Sunrise Hwy
Great River, New York
Main:631-968-2000
Support:888-755-8610

|-----Original Message-----
|From: Ted A [mailto:arcturous () hotmail com]
|Sent: Tuesday, November 16, 2004 5:17 PM
|To: security-basics () securityfocus com
|Subject: VPN overkill?
|
|All,
|First off, good fun reading this list. Some really great advice and good
|thinkers on here. Thanks for the great questions and great answers.
|
|So here's my issue. I have an IT infrastructure manager who has raised a
|requirement I find myself questioning.
|We have a goal of connecting a remote office to a central office via a VPN.
|This manager insists that the only acceptable way to accomplish this is by
|connecting 2 VPN concentrators. I debate this, noting that a PIX should be
|more than capable of handling this connection at the remote office and the
|only place the concentrator is needed is at the central office.
|Am I completely off my rocker, thinking that a second concentrator for a
|single connection is a little overboard?
|
|Thoughts?
|Thanks,
|Ted
|
|





