Firewall and VPN Device

jason.dowd at us.pwcglobal.com
Mon Oct 25 10:43:35 EDT 1999


I agree that this configuration is the best from a security aspect.
However, many of our clients have not been that interested in this
configuration for one reason or another. For connections between different
sites of the same organization, for example, the additional security has
not been a requirement.

This makes great sense for third-party connections though!

Jason




lhebert at netesys.com (Laurent Hebert) on 10/22/99 03:03:41 PM
To:   David Mostardi <davidm at mdli.com>, "'vpn at listserv.secnetgroup.com'"
      <vpn at listserv.secnetgroup.com>
cc:
Subject:  Re: Firewall and VPN Device




I read somewhere that the solution you propose is the right one.  However,
instead of connecting the VPN box directly to the LAN (in the secure zone),
it was connected to the DMZ of the F/W.  This was to increase the access
control for the VPN traffic, since it is decrypted at that point and that
traffic can be treated by the F/W.  In theory, that makes sense, but I do not
know if the routing capabilities of the VPN box will still be able to work
in that mode...


>                           |--(DMZ)--<vpn device>
>    <ISP>---<router>---<firewall>
>                           |-------------------------<LAN>

     Unsecure Zone                      DMZ         Secure Zone

----------
> From: David Mostardi <davidm at mdli.com>
> To: 'vpn at listserv.secnetgroup.com'
> Subject: Re: Firewall and VPN Device
> Date: 22 October 1999 01:26
>
> On Oct 21,  7:12, S Ramakrishnan wrote:
>
> > Consider the two configurations:
> >
> >   <ISP>-<router>-<vpn device>-<firewall>-<LAN>
> >
> > and
> >
> >   <ISP>-<router>-<firewall>-<vpn device>-<LAN>
> >
> > Which of these is more commonly deployed?
>
>
> There is a 3rd configuration, where the firewall
> and VPN box sit side-by-side.  The firewall
> continues to monitor most Internet services,
> except it leaves incoming VPN connections to the
> VPN box.
>
>
>                       |--<firewall>-----|
>    <ISP>---<router>---|                 |---<LAN>
>                       |--<vpn device>---|
>
>
> ------------------------------------------------------------------------
> David Mostardi                                 Web: http://www.mdli.com
> Unix Systems Manager                         Email: davidm at mdli.com
> MDL Information Systems, Inc.                Voice: (510) 357-2222 x1420
> 14600 Catalina St., San Leandro CA 94577       Fax: (510) 352-2870
>
>       -- "When in danger or in doubt, run in circles, scream and shout"
>
> ****************************************************************
> TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
>
> The VPN FAQ (under construction) is available at
> http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html
>
> We are currently experiencing "unsubscribe" difficulties.  If you
> wish to unsubscribe, please send a message containing the single line
> "unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com
>
> ****************************************************************

----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.
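The DMZ placement Laurent Hebert describes above (the VPN device hangs off the firewall's DMZ leg, so the decrypted traffic re-enters the firewall and is policed like any other DMZ traffic) and the routing question he raises, modelled as an added example. This is not code from the list or from any firewall or VPN product discussed in the thread; the addresses, zone names, interface names, policy rules and route tables are all assumptions chosen for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for the illustration (not from the thread).
ZONES = {
    "dmz":    ipaddress.ip_network("192.0.2.0/24"),  # firewall's DMZ leg
    "lan":    ipaddress.ip_network("10.1.0.0/16"),   # secure zone
    "remote": ipaddress.ip_network("10.2.0.0/16"),   # other site, reached only via the tunnel
}
VPN_INSIDE = "192.0.2.10"   # VPN device's interface on the DMZ (assumption)
FW_DMZ = "192.0.2.1"        # firewall's DMZ interface (assumption)

# Interface through which each source zone legitimately enters the firewall.
EXPECTED_IFACE = {"internet": "outside", "dmz": "dmz", "remote": "dmz", "lan": "inside"}


def zone_of(ip: str) -> str:
    """Classify an address; anything outside the known zones is the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Packet:
    iface: str      # firewall interface the packet arrived on
    src: str
    dst: str
    proto: str      # "esp", "udp", "tcp", ...
    dport: int = 0  # 0 when the protocol has no port


# First-match policy: (src zone, dst zone or exact host, proto, dport, action).
# None matches anything. Decrypted tunnel traffic re-enters the firewall on
# the DMZ interface with a remote-site source, so it hits the "remote" rules
# like any other DMZ traffic, which is the point of the DMZ placement.
POLICY = [
    ("internet", VPN_INSIDE, "udp", 500, "accept"),   # IKE to the VPN device
    ("internet", VPN_INSIDE, "esp", None, "accept"),  # IPsec ESP to the VPN device
    ("remote", "lan", "tcp", 25, "accept"),           # mail from the other site
    ("remote", "lan", "tcp", 80, "accept"),           # intranet web from the other site
    ("lan", "remote", None, None, "accept"),          # LAN may initiate to the other site
    (None, None, None, None, "drop"),                 # everything else
]


def _match(field, value):
    return field is None or field == value


def decide(pkt: Packet) -> str:
    """Return the firewall's verdict for a packet: "accept" or "drop"."""
    src_zone = zone_of(pkt.src)
    dst_zone = zone_of(pkt.dst)
    # Anti-spoofing: a source claiming to be in a zone must arrive on that
    # zone's interface. Without this an Internet host could forge a remote-site
    # address and reach the LAN without ever touching the tunnel.
    if EXPECTED_IFACE[src_zone] != pkt.iface:
        return "drop"
    for r_src, r_dst, r_proto, r_port, action in POLICY:
        if (_match(r_src, src_zone)
                and (r_dst is None or r_dst == dst_zone or r_dst == pkt.dst)
                and _match(r_proto, pkt.proto)
                and _match(r_port, pkt.dport)):
            return action
    return "drop"


# Routing: the firewall must send the remote site's prefix to the VPN device
# on the DMZ, and the VPN device must send the LAN prefix back to the firewall's
# DMZ interface. Both entries are needed or the return path breaks.
FIREWALL_ROUTES = [
    (ipaddress.ip_network("10.2.0.0/16"), VPN_INSIDE),
    (ipaddress.ip_network("10.1.0.0/16"), "inside"),
    (ipaddress.ip_network("0.0.0.0/0"), "outside"),
]
VPN_DEVICE_ROUTES = [
    (ipaddress.ip_network("10.1.0.0/16"), FW_DMZ),      # back into the secure zone
    (ipaddress.ip_network("10.2.0.0/16"), "tunnel"),    # into the IPsec tunnel
]


def next_hop(routes, dst: str) -> str:
    """Longest-prefix match over a route table."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]


if __name__ == "__main__":
    for p in (
        Packet("outside", "203.0.113.7", VPN_INSIDE, "esp"),
        Packet("outside", "203.0.113.7", VPN_INSIDE, "tcp", 22),
        Packet("dmz", "10.2.3.3", "10.1.0.20", "tcp", 80),
        Packet("dmz", "10.2.3.3", "10.1.0.20", "tcp", 445),
        Packet("outside", "10.2.3.3", "10.1.0.20", "tcp", 80),
    ):
        print(p, "->", decide(p))
    print("10.2.3.3 via", next_hop(FIREWALL_ROUTES, "10.2.3.3"))
```

Two things the model makes visible that the topology diagram alone does not: the anti-spoofing check on the outside interface is what stops a forged remote-site source address from bypassing the tunnel entirely, and the routing question has an answer only if both tables are populated (the firewall points the remote prefix at the VPN device's DMZ address, and the VPN device points the LAN prefix at the firewall's DMZ address).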

