[vpn] help!!!

TAN, Raymond raymond.tan at atica.pm.gouv.fr
Thu Oct 25 04:51:43 EDT 2001


	I'm acquainted with firewalls, routers, networking, Network address
translation, PAT, etc., but really only from an academic point of view from
readings here and there. I've no practical experience at all in setting up
and managing a network, be it LAN or WAN. My real problem is therefore
"seeing" how real equipment is placed. How it is physically connected.
Why must there be two IP addresses for a firewall? For a router also?
etc., etc. Most configurations I see in magazines give a schematic
representation but don't deal with such basic practical questions and it
doesn't really help me at all.

	Also questions which often crop up like:
1.	When I configure a router with network translation, what is actually
"seen" by the outside world (internet)? As the RFC private non-routable
addresses of the company are translated, is it just ONLY the firewall's
public IP address which is visible to the outside world? What if internal
servers are accessible to the outside world and have public IP
addresses? Are these IP addresses seen as is, i.e. with their own publicly
assigned IP addresses, by the outside world when they get through the company
firewall to communicate with another server on the internet, or is it the address
of the firewall which is systematically substituted for these addresses and
therefore the only visible address seen by the outside world?
2.	A router is itself a sort of firewall for IP filtering, right? But
a PC connected to a router where software operates some sort of
application filtering is also a firewall, right? When I read articles on
firewalls, there is no mention of what kind of firewall is used. Do I
sound confused?
3.	An ACL on a Cisco router allows traffic based on IP source,
destination, port, protocol addresses as well as traffic direction. What
does it mean to say that traffic is allowed to circulate only from source
address A to destination address B? If A sends traffic to B, and B replies to
A, traffic is necessarily a two-way issue, isn't it? If the ACL says: only
A--> B, then A will never ever get replies from B since only unidirectional
flow is permitted. Do I sound silly with this question?
4.	And so many other questions in this vein: Sendmail, DNS, ... which
is really fascinating and captivating. But I hope that someone can enlighten
me on the first three questions.

	Sorry about asking these basic questions which probably shouldn't
figure here. But I'm really at a loss as to where I can find clear practical
answers to my questions because surfing on the net hasn't really helped me
find the right (non-academic) answers. I find a number of sites but maybe I
didn't open or check up the right ones. I don't know about lists or
newsgroups where I can subscribe so as to get the "feel" of the whole

	If anyone has got a tutorial, a short practical guide about all
that's necessary to put up a LAN, WAN, VPN, etc., or knows about a site with
good clear concrete examples and explanations, please can you send me
the URL links?

	I need to know as I'm new on this job and have no way of going
through a course to help me understand the network issue from a very
pragmatic point of view.

	Thanks a lot in advance for any help given.


