VPN's Strategic Location?

[Christopher Gripp]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In most instances I prefer putting the VPN on a DMZ interface
connecting to the firewall.  Since the traffic will hit the FW
unencrypted you can do fun things like authenticate the traffic on a
very granular basis, such as by protocol, source or dest address.  
Christopher S. Gripp
Systems Engineer
Axcelerant
Connecting Everyone In Your Business World
Visit us @ http://www.axcelerant.com <http://www.axcelerant.com/>  

 

- -----Original Message-----
From: Tech, Ed [mailto:Ed.Tech at LC.CA.GOV]
Sent: Thursday, April 26, 2001 12:32 PM
To: VPN at SECURITYFOCUS.COM
Subject: VPN's Strategic Location?



Hello Everyone, 
We are in the testing mode of a Cisco VPN 3030 concentrator which
seats behind a CheckPoint Firewall. 
Please provide pros and cons of different locations for a VPN
concentrator. 
Another setup is to have it side by side with a Firewall behind the
Internet router. 
What are the pros and cons of this setup as oppose to having the VPN
box seat behind a firewall? 
Also, I've read that the Cisco VPN 3030 uses IPSec over UDP. 
This is the highest or most secure tunnelling protocol that the VPN
3030 can implement. 
Why is this not as secure as what they call a Native IPSec? 
Will IPSec over UDP affects the most secure placement of the VPN
3030? 
Please provide your opinions folks. 
thanks to everyone, 
Ed 


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOu2dH2LRPLnfp/zREQJY9gCbBQ+7FGhbnDI0CBtFHhrPFZRYASAAn3Ho
38jldP0YUqMWhT8dvvqujkgd
=K7+7
-----END PGP SIGNATURE-----

VPN is sponsored by SecurityFocus.COM