[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Where to place a VPN gateway
Title: [FW1+vpn] VPN with pix and firewall-1 We
wanted to put the VPN gateway inside the firewall dmz so that we can protect the
vpn box from getting hacked. This way we can control what kind of traffic comes
at the VPN gateway from the internet. Since the only traffic coming out of the
VPN gateway into the internal network is going to be ipsec I should not have to
worry too much and can directly connect the internal interface of vpn box to the
internal network.
What do you think?
[Siddiqui, Kamran] -----Original Message----- From: Glover, Duke [mailto:[email protected]] Sent: Thursday, October 19, 2000 12:38 PM To: [email protected]; [email protected] Subject: RE: [FW1] Where to place a VPN gateway You should attach the VPN box outside of the FW or on
another FW interface. At least that way you could control what type of
traffic, and what destination, the VPN box allowed into your network. If
you attach the VPN box directly to your internal Net you lose all control of
the traffic.
|