[VPN] SAP support through VPN

Travis Watson travis at traviswatson.com
Tue May 25 01:42:26 EDT 2004


Buenas.

There aren't any obvious security problems with your scenario, but VPN clients 
don't like to play together nicely, as a general rule.  The Cisco client will 
probably not work with the Nortel client on the same machine (or Netscreen 
with Windows, etc.).  I can see problems with that.  If everyone is on the 
same network, it might be cheaper and easier to just use a VPN-capable device 
and make IPSec b2b tunnels--though I understand that your business partners 
may not have devices in place for that.

Regards,

Travis

On Wednesday 19 May 2004 01:55 pm, venicio_boas at br.schindler.com wrote:
> Dear all
>
>            My company intend to use SAP remote support through the RAS VPN
> according to the picture below. The company which povide te share support
> service already use diffrent clients for accessing different customers :
> Cisco client
>  Netscrren client
>  Windows VPN client
>  Nortel client
>
> at the some internal machine. They passed us the following information
> about  RA VPN of them:
>
> Access to customers using Internet based VPNs are done through an isolated
> link to Internet and each workstation that needs the access is mapped to
> an individual valid network address.
>
> All workstations and VPN client used is configured to avoid multiple
> tunnels and the connection to service provider corporate network while a
> VPN tunnel remains active.
>
> To improve security, no routes are added to this isolated internet link,
> except those that match our customers VPN gateway addresses.
>
> Scalability is obtained through a 34 Mbps internet link without usage
> limitation
>
>
>
>
>
>
>         I would like to question if using these clients and the
> configuration above, are there security  risks in contract this share
> service and which possible tests we should make for assuring that we won´t
> have problems in the future ?
>
> Thank you for any hints.
>
>
> Venicio Vilas-Bôas
> Elevadores Atlas Schindler S/A
> Tel. 55 11 6120-5431




More information about the VPN mailing list