Firewall Wizards mailing list archives
RE: VPN concentrators
From: Brian Ford <brford () cisco com>
Date: Tue, 27 Aug 2002 10:25:23 -0400
James, At 10:53 PM 8/26/2002 -0400, firewall-wizards-request () honor icsalabs com wrote:
So users would be employees. (totally untrsutworthy :P)
Excellent call.
Client software would probably depend on Device as a number of beneficialfeatures can be used if you match the client to the device (personal firewalls,autmated upgrading of clients etc...) users would be about 250 initially but up to 4000 potentially in the future.
So here is a problem. 250 users that use one client operating system means that you will need (to add?) a person to support (given some form of personal Firewall and some automated updating of client software), and monitor VPN clients usage full time. That's a nasty job if you add additional operating systems (there will always be one platform that doesn't get supported as well as others). That's multiple bodies as you grow to 4000 users.
Not sure what you mean by access control? Do you mean to internal resources? If VPN traffic could be split inot different network pools then internal NIDS, andACLs could manage this (along with obvious host/resource access controls)
Would different VPN users belong to different groups and would different groups have more or less privileges or access to resources than others.
What are tehses mysterious "IPSEC issues" that we are all aware of ( or perhapsnot in my case) ??
No mystery. NAT handling. Getting through client side Firewalls or filters. Liberty for All, Brian _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: VPN concentrators, (continued)
- Re: VPN concentrators Patrick Darden (Aug 27)
- Re: VPN concentrators B. Scott Harroff (Aug 26)
- Re: VPN concentrators Daniel Linder (Aug 28)
- Re: VPN concentrators Patrick Darden (Aug 28)
- RE: VPN concentrators Ben Nagy (Aug 29)
- RE: VPN concentrators Schouten, Diederik (Diederik) (Aug 26)
- RE: VPN concentrators Patrick Darden (Aug 26)
- RE: VPN concentrators Schouten, Diederik (Diederik) (Aug 26)
- RE: VPN concentrators Crispin Harris (Aug 26)
- RE: VPN concentrators Patrick Darden (Aug 27)
- RE: VPN concentrators Brian Ford (Aug 27)
- RE: VPN concentrators Schouten, Diederik (Diederik) (Aug 27)
- RE: VPN concentrators Crispin Harris (Aug 27)
- RE: VPN concentrators R. DuFresne (Aug 27)
- RE: VPN concentrators Crispin Harris (Aug 27)
- RE: VPN concentrators Crispin Harris (Aug 29)
- RE: VPN concentrators Patrick Darden (Aug 29)
- RE: VPN concentrators Nilesh Chaudhari (Aug 29)
- RE: VPN concentrators R. DuFresne (Aug 29)
- RE: VPN concentrators Nilesh Chaudhari (Aug 30)
- RE: VPN concentrators Patrick Darden (Aug 29)