Firewall Wizards mailing list archives

Re: Opinions on VPN?


From: Andreas Gunnarsson <Andreas.Gunnarsson () emw ericsson se>
Date: Mon, 19 Apr 1999 13:34:07 +0200 (CEST)

On Sat, 17 Apr 1999, Jan B. Koum wrote:

      Am I alone in the opinion that VPNs mostly suck or is it just
because I tend to run into a lot of misconfigured Cisco routers which
do encrypt data, but also route packets from others into your net :(

I think VPN is a useful tool but you shouldn't allow a VPN through a
firewall IMHO. Here is a way to use a VPN:

Internal net ----- Firewall ----- external net
                      |
                 VPN-gateway

The firewall lets only ipsec (or whatever the VPN is using) through from
the outside to the VPN-gateway, and then the firewall can filter the
unencrypted traffic that goes to the internal net.

If two sites connect this way it should be as secure as the VPN and
firewalls. If mobile clients connect to the VPN you have to make sure
that the client itself is secure so it can't be used as a way into the VPN
via NetBus etc.

   Andreas

------------------------------------------------------------------------------
Andreas Gunnarsson                                         Nat:    031-7476081
andreas.gunnarsson () emw ericsson se                         Int: +46 31 7476081
http://www.dd.chalmers.se/~zzlevo/                         Fax:    031-7473771
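
The three-legged layout described in the message above, written out as a forwarding policy for the firewall; this is an added example in nftables syntax, not part of the original post. It assumes IPsec with IKE on UDP 500/4500 and ESP, and the interface names, addresses and permitted internal service ports are all constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: every name, address and port below is an assumption.
define if_ext     = "eth0"        # leg to the external net
define if_int     = "eth1"        # leg to the internal net
define if_vpn     = "eth2"        # leg to the VPN gateway
define vpn_gw     = 192.0.2.10    # VPN gateway (documentation address)
define int_net    = 10.0.0.0/24   # internal net
define remote_net = 10.1.0.0/24   # remote site, as seen after decryption
define int_tcp    = { 25, 80 }    # internal services offered to the remote site

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to flows that an explicit rule below already allowed.
        ct state established,related accept

        # External net <-> VPN gateway: IPsec only (IKE, NAT-T, ESP).
        iifname $if_ext oifname $if_vpn ip daddr $vpn_gw udp dport { 500, 4500 } accept
        iifname $if_ext oifname $if_vpn ip daddr $vpn_gw ip protocol esp accept
        iifname $if_vpn oifname $if_ext ip saddr $vpn_gw udp dport { 500, 4500 } accept
        iifname $if_vpn oifname $if_ext ip saddr $vpn_gw ip protocol esp accept

        # Decrypted traffic leaves the gateway in the clear and crosses the
        # firewall a second time, so it is filtered like any other traffic.
        iifname $if_vpn oifname $if_int ip saddr $remote_net ip daddr $int_net tcp dport $int_tcp accept

        # Internal hosts reach the remote site only through the gateway.
        iifname $if_int oifname $if_vpn ip saddr $int_net ip daddr $remote_net accept

        # No rule forwards external traffic straight to the internal net;
        # log the attempts before the default drop applies.
        iifname $if_ext oifname $if_int log prefix "ext->int drop: " drop
    }
}
```

Because the gateway hangs off its own leg, a tunnel peer that is compromised or misrouting can reach only what the `$if_vpn` to `$if_int` rule permits.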


