Security Basics mailing list archives
RE: VPN overkill?
From: "Justin Acquaro" <JAcquaro () csmcorp com>
Date: Wed, 17 Nov 2004 10:18:56 -0500
You should be able to get away with just one concentrator in the central office and a PIX at the remote site(s). It just seems silly for the remote office to get a dedicated concentrator if they aren't that big, plus you don't need to have a separate firewall/router which you would need if you wanted a concentrator in the remote office. If you have more then 100 people in that remote office I might see an argument but for a small office a single PIX firewall VPN system on a single circuit should prove to be fine. Justin Acquaro IT/MIS Creative Socio-Medics 3500 Sunrise Hwy Great River, New York Main:631-968-2000 Support:888-755-8610 |-----Original Message----- |From: Ted A [mailto:arcturous () hotmail com] |Sent: Tuesday, November 16, 2004 5:17 PM |To: security-basics () securityfocus com |Subject: VPN overkill? | |All, |First off, good fun reading this list. Some really great advice and good |thinkers on here. Thanks for the great questions and great answers. | |So here's my issue. I have an IT infrastructure manager who has raised a |requirement I find myself questioning. |We have a goal of connecting a remote office to a central office via a VPN. |This manager insists that only acceptable way to accomplish this is by |connecting 2 VPN concentrators. I debate this, noting that a PIX should be |more than capable of handling this connection at the remote office and the |only place the concentrator is needed is at the central office. |Am I completely off my rocker, thinking that a second concentrator for a |single connection is a little overboard? | |Thoughts? |Thanks, |Ted | | This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.
Current thread:
- Re: VPN overkill?, (continued)
- Re: VPN overkill? Jamie Schmidt (Nov 17)
- Re: VPN overkill? Gautam R. Singh (Nov 18)
- RE: VPN overkill? Thomas F. Szabo (Nov 17)
- RE: VPN overkill? Jim McBurnett (Nov 17)
- RE: VPN overkill? Ted A (Nov 17)
- RE: VPN overkill? Thomas F. Szabo (Nov 17)
- RE: VPN overkill? Gary Freeman (Nov 17)
- RE: VPN overkill? d'Ambly, Jeff (Nov 17)
- RE: VPN overkill? Jeff Gercken (Nov 17)
- RE: VPN overkill? Gary Freeman (Nov 17)
- RE: VPN overkill? Justin Acquaro (Nov 17)