Firewall Wizards mailing list archives

RE: Opinions on VPN?

From: dreamwvr <dreamwvr () dreamwvr com>
Date: Sat, 24 Apr 1999 21:41:40 -0600

At 07:41 PM 4/23/99 -0700, David Bovee wrote:

I think another architecture which is fairly common is implementing a
separate VPN box in parallel with a firewall. This presents the same

we are in agreement that the vpn should really be run in parallel..

security, or more, as the "kitchen sink" claim espoused below.

my kitchen sink comment were regarding not layering too many self 
defence tools all on one box:-) else we tend to trip over the defenses 
we rely upon..;-) the SEC industries need to roll all in one solutions 
is understandable but.. not really a good point of view from a security
point of view IMHO.

Personally, I think FW+VPN is a great solution for a company whose
performance and business requirements dictate these features with an
accepted performance limit. The other thing that FW+VPN solves that many of
the other solutions do not, is NAT and VPN protocol compatibility. Let me
remind you that NAT and VPN are not very friendly when they're in the same
ring...

.. true but is a swiss army knife always the right tool? somehow i doubt it.
opsec compliant standards are beginning to make the go round so this should 
fill the gap. else use straight open standards to fill the bill.. or rather
not fill bill;-)
                                                        Regards,
                                                        dreamwvr () dreamwvr com
Reuters, London, February 29, 1998: 
Scientists have announced discovering a meteorite which will strike the 
earth in March, 2028.  Millions of UNIX coders expressed relief for being 
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________

********** DREAMWVR.COM - TOTAL INTERNET SERVICES **********
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
      <http://www.dreamwvr.com/services/MAX_SEC.html>
DREAMWVR.COM - The Console of Many... 24 X 7 Evolution Internet
<http://www.dreamwvr.com/dynamicduo.html> <mailto:dreamwvr () dreamwvr com>
<*<*<* Proud Linux-Mandrake Distributor *>*>*>
<http://www.dreamwvr.com/mandrake/mandrake-dist.html>
"As Unique as the Company You Keep."        "===0 PGP Key Available  
________________________________________________________________________

Current thread:

Re: Opinions on VPN?, (continued)
- - Re: Opinions on VPN? Philip S Holt, Security Engineer / Network Engineer (Apr 21)
- RE: Opinions on VPN? John McDonald (Apr 20)
  - RE: Opinions on VPN? dreamwvr (Apr 21)
    - RE: Opinions on VPN? Andreas Gunnarsson (Apr 22)
- RE: Opinions on VPN? Dendeni, Iyes (Apr 21)
- RE: Opinions on VPN? Litney, Tom (Apr 21)
- RE: Opinions on VPN? Russ (Apr 21)
- Re: Opinions on VPN? Rodney van den Oever (Apr 22)
- RE: Opinions on VPN? Russ (Apr 23)
  - RE: Opinions on VPN? David Bovee (Apr 24)
    - RE: Opinions on VPN? dreamwvr (Apr 25)
- Re: Opinions on VPN? Robert Graham (Apr 24)
  - Re: Opinions on VPN? myles (Apr 29)
    - Re: Opinions on VPN? Joseph S D Yao (Apr 29)
- RE: Opinions on VPN? TC Wolsey (Apr 24)