Protocol 50/51 security

Mather, Steve smather at ALTIGA.COM
Fri Mar 24 20:05:19 EST 2000


You only need to punch holes in your firewall if you place the VPN appliance
behind your firewall.  You can run the VPN appliance in parallel with your
firewall or better yet, place the public interface of the VPN appliance in
parallel with the external interface of your firewall and connect the
private interface of the VPN appliance to another Ethernet interface of your
firewall (DMZ or separate private segment).  This will eliminate your
security concerns and the rules you have defined in your firewall can be
applied to all traffic (including the data coming from and going to the
tunneled users).

-----Original Message-----
From: Michael Louie [mailto:mlouie at SPEAKEASY.ORG]
Sent: Friday, March 24, 2000 7:58 PM
To: VPN at SECURITYFOCUS.COM
Subject: Protocol 50/51 security


Would anyone be able to either provide some further information, or point me
in the right direction for this?  Basically, we are deciding on whether or
not VPN is the right solution for us, however we are worried (perhaps
paranoid would be a better word) about security.  Allowing VPN basically
involves opening our firewall to allow external access to protocols 50 & 51.
I realize this is normally accepted as secure, however this application is
for a financial institution.

Thanks,
Mike

VPN is sponsored by SecurityFocus.COM
