[vpn] vpn planning

Travis Watson rtwatson at qwest.net
Wed Feb 27 01:26:27 EST 2002


I'm not sure what you are running on the other side, but if you are running
FreeS/Wan on both sides (or at least two IPSec capable devices), no client
software is necessary.  The VPN device will make the distant end look and
function like a logical extension of the existing LAN and vice-versa.

Two notes:
--FreeS/Wan can only do one subnet per secure connection.  So if you need to
get to 5.5.0.0/16 and 6.6.0.0/16, it will require two different tunnels.
Not a big deal, but just so you know.
--IPX is bad juju with IPSec.  If there is any Novel involved, try to
eliminate it or upgrade to 5.1

After the tunnel is up, just have the internal routers point remote end IPs
back to the inside IP of the VPN device, and you should be set.

Regards,

Travis


-----Original Message-----
From: Steve Hunt [mailto:stephen_hunt at sunguru.com]
Sent: Tuesday, February 26, 2002 3:47 PM
To: vpn at securityfocus.com
Subject: [vpn] vpn planning




Hi,  I'm planning to install a vpn so that two of our  locations can share
the same database,and access  each other's local network shares.  I had
planned to use free s/wan with a linux firewall  like ipchains for this,
setting up a NAT with firewalling  rules,then setting up the vpn on that
machine.  After  doing some reading, I see that there's probably more  to
it.  For example,do I need some kind of Windows  vpn client for the windows
workstations?  Is there  anyway to make the vpn transparent to the user,such
that any traffic to the remote LAN is automatically  routed through the vpn?
What are some general recommendations,as in what  software should I use, how
to integrate firewalling into  a vpn solution, sample hardware and software
setups?  Thanks for any info, pointers etc yall can provide!  Steve

VPN is sponsored by SecurityFocus.com



VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list