Any help with VPN termination?

From: Nick Phillips (nphillips_at_jesna.org)
Date: 05/04/05

    To: <fedora-list@redhat.com>
    Date: Wed, 4 May 2005 11:26:33 -0400

    Hi all,

    I'm a relative newbie to VPN, and I've been asked to investigate setting up
    a VPN for a small office of about 50 people. The network architecture is an
    external firewall (which may be replaced with a firewall / VPN appliance,
    probably Astaro at this point), a DMZ containing Linux-webservers
    (192.168.2.x), and an internal Linux firewall protecting the LAN
    (192.168.1.x), composed of Windows XP machines, and also the file/mail
    servers (which will be switched to Windows Server as per management's
    request).

    Now my question - where is the best place for the VPN to terminate, assuming
    that VPN users need access to the file servers inside the LAN? With an
    external firewall / VPN appliance, as far as I understand it, the VPN
    sessions would terminate inside the DMZ, with an IP of 192.168.2.something.
    Providing those VPN users with access to the fileservers inside the LAN
    would require punching a bunch of holes in the internal firewall, right?
    This isn't something that sounds too appealing to me. But what other
    solutions are there? Is it preferable to forward the VPN connection to be
    terminated on the inside firewall instead, so sessions would terminate
    inside the LAN with a 192.168.1.something IP?

    Could anybody with VPN experience suggest the best way to solve this? And
    forgive me if I'm screwy with some of the details of how VPN works; I'm
    still learning up on PPTP / L2TP / IPsec, etc.

    Regards,
    Nick Phillips

    
    
