Firewall and VPN Device

John E. Horton jehorton at erols.com
Fri Oct 22 12:06:56 EDT 1999 


There is a fourth - connect the VPN device to another interface on the 
firewall and apply firewall rules to the VPN traffic.

                            |---------------<firewall>--------------|
<ISP>---<router>--|                         |                 |---<LAN>
                            |---<vpn device>---|

This provides access control over applications through the VPN.

Cheers -
John Horton


At 10:26 PM 10/21/99 -0700, David Mostardi wrote:
>On Oct 21,  7:12, S Ramakrishnan wrote:
>
> > Consider the two configurations:
> >
> >   <ISP>-<router>-<vpn device>-<firewall>-<LAN>
> >
> > and
> >
> >   <ISP>-<router>-<firewall>-<vpn device>-<LAN>
> >
> > Which of these is more commonly deployed?
>
>
>There is a 3rd configuration, where the firewall
>and VPN box sit side-by-side.  The firewall
>continues to monitor most Internet services,
>except it leaves incoming VPN connections to the
>VPN box.
>
>
>                       |--<firewall>-----|
>    <ISP>---<router>---|                 |---<LAN>
>                       |--<vpn device>---|
>
>
>------------------------------------------------------------------------
>David Mostardi                                 Web: http://www.mdli.com
>Unix Systems Manager                         Email: davidm at mdli.com
>MDL Information Systems, Inc.                Voice: (510) 357-2222 x1420
>14600 Catalina St., San Leandro CA 94577       Fax: (510) 352-2870
>
>       -- "When in danger or in doubt, run in circles, scream and shout"
>
>****************************************************************
>TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
>
>The VPN FAQ (under construction) is available at
>http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html
>
>We are currently experiencing "unsubscribe" difficulties.  If you
>wish to unsubscribe, please send a message containing the single line
>"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com
>
>****************************************************************

****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com

The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com

****************************************************************

More information about the VPN mailing list