
RE: [FW1] PPTP thru SecuRemote ...?



Hi Aylton,
 
It is not really an authentication issue as such (although that comes into play - using straight PPTP is not exactly foolproof by any means) but one of convenience combined with increased security between the firewalls.
 
With one FW-1 box you are authenticated at the firewall, and have access to the resources that you allocate in FW-1.
 
With two firewalls, one behind FW-1, VPNs are much more difficult. Imagining we are going to have our VPN endpoint at the first firewall, for access to simple things like NT shares, not to mention applications like Outlook, you have to open up multiple ports to multiple servers on the internal firewall. In this instance it is hardly worth having the second firewall there if you are going to open up so many ports to the internal network. Better to have one port and GRE open to one server after the SR connection is made. This will also simplify admin for resources since the RAS server is allocating IPs, and handling access to the internal network resources.
 
It seems the only problem is getting it to work consistently.......
 
Regards
JP

-----Original Message-----
From: Aylton Souza, CISSP [mailto:[email protected]]
Sent: Thursday, May 24, 2001 7:34 AM
To: Jean-Pierre Harvey; 'Wehmeier, Andreas'; Fw-1-Mailinglist (E-mail)
Subject: Re: [FW1] PPTP thru SecuRemote ...?


Hi Jean Pierre.
 
Hm.. I understand, but on the other hand it increases the TCO and related management in a way that the payoff is questionable.
 
Maybe a good combination of strong VPN/FW (as VPN-1 is) and good authentication (such as certificates / SecurID) could be better, considering the administration point of view...
 
Suggestions and thoughts welcome...
 




 
   All contents © 2004 Network Presence, LLC. All rights reserved.