Re: VPN concentrators

[Patrick Darden <darden () armc org>]

Actually, what you describe is only slightly different from what I
describe.  I can't really think of any differences, except that yours may
cost less but possibly provide less performance....

--
--Patrick Darden                Internetworking Manager             
--                              706.475.3312    darden () armc org
--                              Athens Regional Medical Center


On Mon, 26 Aug 2002, Dave Piscitello wrote:

> Goes to show you that "best thinking" is subjective.
>
> Firewall appliances with crypto acceleration for IPsec and an optional/DMZ 
> port satisfy most site requirements without all the extra hardware, 
> addressing/subnetting, and routing issues (how you return IPsec traffic 
> when you have FW and VPN appliance in parallel isn't a simple "default 
> gateway is the firewall" config on the internal network). You also don't 
> have to manage policy across multiple systems with multiple UIs, and you 
> don't have to deal with multiple sources of logging and reporting of policy 
> violations.
>
> I'm happy with this arrangement.
>
> At 08:39 AM 8/26/2002 -0400, Patrick Darden wrote:
> > Here is the current best thinking, to my knowledge:
> >
> >      ds3 to internet
> >       |
> >       |
> > ---------------
> > Bastion Router|
> > ---------------
> >    |     |
> >    |      \
> > firewall   \
> >    |       vpn engine
> >    |           |
> > ==================
> > internal network |
> > ==================
>
>
> David M. Piscitello
> Core Competence, Inc. &
> 3 Myrtle Bank Lane
> Hilton Head, SC 29926
> dave () corecom com
> 843.689.5595
> www.corecom.com
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards