Inter-Corporate VPN's

Chris Carlson carlsonmail at yahoo.com
Tue Jul 24 15:49:05 EDT 2001


Ah!

You're running into one of the problems with IPSec
VPNs.  Overlapping IP address space is a huge
limitation and NAT pools will only complicate the
matter further in addition to causing problems with
IPSec.

My suggestion is thus:

Don't do a workaround with your IP address space. 
You'll never get it right, and the next
customer/partner/supplier that you link up might break
it.

SOLVE it by going with publicly addressable IP address
space.  Create a second DMZ with this routable space
and put your servers here.  This second DMZ will allow
you to quickly and easily add the segment without
impacting how you do your current primary DMZ.

Also, if you have customers connecting to your
servers, you shouldn't have them connect to the INSIDE
of your network in the first place.  Any compromise on
the server they're allowed to go to will let them access
other parts of the network.  Keep them separated!

Oh, another way to do it is to host your servers in a
Data Center (like Exodus, a qualified ISP, or other). 
You'll still get public IP space, you can put your
NetScreen boxes there, plus you'll get the benefit of
power backup, cooling, etc.

Good luck to you.  Please respond back to the list
with what you eventually decided upon.

Chris
--

--- David Leija <DLeija at PENSON.COM> wrote:
> We are planning to deploy Netscreen NS-5's to our
> clients. They will connect
> to our network using specified protocols with a
> NS-10. I'm not sure this is
> exclusively VPN related, but we've found that a lot
> of clients are going to
> have network architectures similar to ours or even
> each other's. We've noticed
> at least 60% use the 172.16.0.0 range for their
> internal addressing. Do
> Netscreens, or possibly an alternative solution,
> account for this
> possibility? We want to avoid creating multiple
> DMZ-NAT-DMZ layers if
> possible. TIA.
> 
> L. David Leija
> Penson Financial Services
> dleija at penson.com
> (214) 765-1228
> 
> 
> 
> VPN is sponsored by SecurityFocus.com
> 
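
An added example, not part of the original thread: a pre-onboarding check for the overlap problem discussed above, comparing each candidate server segment against the LAN ranges of the clients that will tunnel to it. All site names and prefixes are constructed; 198.51.100.0/24 is a documentation range standing in for the public DMZ space.

```python
import ipaddress

# The three RFC 1918 private blocks, checked explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumption, not taken from the thread).
SERVER_SEGMENTS = {
    "inside": "172.16.0.0/16",    # servers left on the internal network
    "dmz2":   "198.51.100.0/24",  # stand-in for a publicly addressed second DMZ
}
CLIENT_LANS = {
    "client-a": "172.16.10.0/24",
    "client-b": "172.16.0.0/12",
    "client-c": "10.20.0.0/16",
}

def is_rfc1918(prefix):
    """True if the prefix lies entirely inside one RFC 1918 block."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(block) for block in RFC1918)

def collisions_with(segment, client_lans):
    """Names of clients whose LAN overlaps the given server segment."""
    seg = ipaddress.ip_network(segment)
    return sorted(name for name, lan in client_lans.items()
                  if seg.overlaps(ipaddress.ip_network(lan)))

def audit(server_segments, client_lans):
    """Per server segment: is it private space, and which clients collide."""
    return {
        name: {
            "rfc1918": is_rfc1918(prefix),
            "collides_with": collisions_with(prefix, client_lans),
        }
        for name, prefix in server_segments.items()
    }

if __name__ == "__main__":
    for name, result in audit(SERVER_SEGMENTS, CLIENT_LANS).items():
        print(name, result)
```

A client listed under "collides_with" already uses the server segment's addresses on its own LAN, so traffic it sends to those addresses cannot be told apart from local traffic.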

