Firewall Wizards mailing list archives
Re: Opinions on VPN?
From: dreamwvr <dreamwvr () dreamwvr com>
Date: Mon, 19 Apr 1999 17:00:29 -0600
hi, great thread! to elaborate IMHO it should be done in parallel with the firewall. like below...

    Internet -------| BastionA |-------------[ Int Net ]
                    | BastionA |
                    |    VPN-------------- VPN GW

that way all traffic going out is evaluated by firewall then pours out the interface dedicated to VPN GW where it is encrypted and sent along its merry way. incoming VPN GW handles only VPN traffic and once reverse engineered ;-) decrypted it is evaluated by the firewall before continuing any further. the top Internet side interface handles all other internet traffic flow period..

well FWIW that is my opinion:-)

Regards,
dreamwvr () dreamwvr com

At 01:34 PM 4/19/99 +0200, Andreas Gunnarsson wrote:
On Sat, 17 Apr 1999, Jan B. Koum wrote:

Am I alone in the opinion that VPN mostly suck or is it just because I tend to run into a lot of misconfigured cisco routers which do encrypt data, but also route packets from others into your net :(

I think VPN is a useful tool but you shouldn't allow a VPN through a firewall IMHO. Here is a way to use a VPN:

    Internal net ----- Firewall ----- external net
                          |
                      VPN-gateway

The firewall lets only ipsec (or whatever the VPN is using) through from the outside to the VPN-gateway, and then the firewall can filter the unencrypted traffic that goes to the internal net. If two sites connect this way it should be as secure as the VPN and firewalls. If mobile clients connect to the VPN you have to make sure that the client itself is secure so it can't be used as a way into the VPN via NetBus etc.

Andreas
---------------------------------------------------------------------------
Andreas Gunnarsson                        Nat: 031-7476081
andreas.gunnarsson () emw ericsson se     Int: +46 31 7476081
http://www.dd.chalmers.se/~zzlevo/        Fax: 031-7473771
Reuters, London, February 29, 1998: Scientists have announced discovering a meteorite which will strike the earth in March, 2028. Millions of UNIX coders expressed relief for being spared the UNIX epoch "crisis" of 2038.
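
The three-legged layout both posters describe, written as an nftables forward policy for the firewall. This is an added example, not part of the original messages; the interface names, addresses, the remote-site prefix, the permitted ports, and the choice of IKE on UDP 500 plus ESP as "ipsec" are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. All names and addresses below are constructed.
flush ruleset

define if_ext      = "eth0"        # Internet-side interface
define if_int      = "eth1"        # internal net
define if_vpn      = "eth2"        # leg dedicated to the VPN gateway
define vpn_gw      = 192.0.2.10    # VPN gateway address
define int_net     = 10.0.0.0/16   # local internal net
define remote_site = 10.20.0.0/16  # cleartext prefix behind the remote gateway

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept

        # Outside <-> VPN gateway: nothing but IPsec (IKE and ESP).
        iifname $if_ext oifname $if_vpn ip daddr $vpn_gw udp dport 500 accept
        iifname $if_ext oifname $if_vpn ip daddr $vpn_gw ip protocol esp accept
        iifname $if_vpn oifname $if_ext ip saddr $vpn_gw udp dport 500 accept
        iifname $if_vpn oifname $if_ext ip saddr $vpn_gw ip protocol esp accept

        # Decrypted traffic comes back from the gateway in the clear and is
        # filtered like any other untrusted source before reaching the
        # internal net. Only the listed services are allowed (assumed set).
        iifname $if_vpn oifname $if_int ip saddr $remote_site ip daddr $int_net tcp dport { 22, 443 } accept

        # Internal hosts reach the remote site only via the gateway leg,
        # where the traffic is encrypted after the firewall has seen it.
        iifname $if_int oifname $if_vpn ip saddr $int_net ip daddr $remote_site accept

        # Traffic for the remote site must never leave unencrypted.
        oifname $if_ext ip daddr $remote_site drop

        # All other outbound Internet traffic uses the Internet-side interface.
        iifname $if_int oifname $if_ext accept
    }
}
```

Because the default policy is drop, a packet arriving on the Internet side with a source address inside the remote-site prefix is never forwarded inward: only the VPN gateway leg may present that prefix.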