[VPN] VPN client behind-thru firewall

Mark D Robinson mrobinso at fpkc.com
Mon Aug 11 16:57:47 EDT 2003


I've looked through the archives, but didn't find anything on this.

Briefly, we've got a big client who has a database that they want us to be able to access remotely. The client sent us some VPN client software (Nortel Contivity client) along with a couple of RSA SecurID tokens. Things are designed to access a Citrix server via an IPSec tunnel using the supplied client software. They apparently want us to install the VPN client and Citrix client on PCs behind our firewall, after poking the appropriate holes (AH, ESP, IKE) in said firewall.

While using VPN client software this way is common for remote access from home or while travelling, I'm concerned about installing it on hosts inside our firewall. I'd have no control over the traffic that's flowing through the IPSec tunnel. Are these concerns justified? Do you have any suggestions on better ways to handle this? Thanks.


Mark



More information about the VPN mailing list