Vs: [vpn] VPN and firewall question

Igor Pronin Igor.Pronin at Elma.Net
Thu Oct 11 05:07:55 EDT 2001


>> Sorry could you explain further.  If the client is running a VPN
>client to a
>> VPN gateway and it has been set that it will only receive encrypted
>traffic
>
>Some kind of a firewall ? Is it also restricted by the sender IP
address
>i.e. only VPN Gateway allowed?
>
>Not certain I understand what you mean here. I am not saying that it is
>providing firewall functions, just that on the client it only allows
>communications to and from the VPN gateway. The VPN gateway is behind a
>firewall etc.
>

Isn't it providing "firewall functions" if it restricts communication
from all other places except the VPN gateway? What else do you mean with
"firewall functions" except restricting communications? And if the the
sole access VPN Gateway is behind a firewall your computer is behind
that firewall, too.

The next question is how the VPN Client is running: if all the time then
the next question of course is who has access to the gateway and what
kind of security/firewall it has? If the VPN client is only run from
time to time - i.e. when acces to the company intranet is needed - what
happens in the meantime. Is your computer running, connected to Internet
through the ISP - then you definitely need a separate firewall as the
VPN access restrictions do not apply.

>Agreed - the model is along the lines of:
>
>    Internet
> ^
> |
>CLIENT <---(via Internet)----F/W------->VPN GATEWAY -----> Intranet
>   |    |
>   ==========================================  (IPSec tunnel)
>

Does the picture above show two separate connections?

1) CLIENT ---> (up) Internet
2) CLIENT ---> (to the right) To Intranet

>Client network interface set to only accept authenticated/encrypted
packets
>from the gateway.

If the picture is to be interpreted that you have 2 separate connections
how is the alternative 1) secured?

>All routing for the Client when connected is via the
>Gateway. Main purpose would be to stop Internet Hi-Jacking
>

regards

Igor.Pronin at iki.fi



VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list