Can I setup a VPN this way?
David Gillett
dgillett at NIKU.COM
Wed Feb 14 15:12:04 EST 2001
> Can a VPN start at site A and terminate at site C? Each site has its own
> network id!
In theory, yes. In practice, the NetScreen boxes don't do this up to
version 2.0x; I don't yet know if 2.5 succeeded in adding this capability.
(It was on an early list of intended features for this release.)
> By the way, can a VLAN (lay 3) also provide "security"?
Somewhat, but VLANs aren't really designed to be a security tool, and so
their trunking protocols *may* be subject to vulnerabilities. I'd think
carefully about how important security is to your situation before relying
on VLANs as the mechanism.
David Gillett
Senior Network Engineer
(650) 701-2702
Niku Corp. "Transforming the Service Economy"
-----Original Message-----
From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM]On Behalf Of Ivan
Fox
Sent: Tuesday, February 13, 2001 4:30 PM
To: VPN at SECURITYFOCUS.COM
Subject: Can I setup a VPN this way?
There are 3 sites in serial, i.e., A -> B -> C. Each site has a Check Point
VPN-1. They are connected using leased E1 lines.
Can a VPN start at site A and terminate at site C? Each site has its own
network id!
Any comments are appreciated.
By the way, can a VLAN (lay 3) also provide "security"?
Any pointers/comments are welcome.
Ivan
VPN is sponsored by SecurityFocus.COM
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list