Firewall Wizards mailing list archives
Integrated VPN/FW Paranoia
From: "Cary, Kim" <Kim.Cary () pepperdine edu>
Date: Mon, 22 May 2006 09:15:47 -0700
Hi all,

Well, for months I've been saying: "When you get the VPN, we'll put it on its own subnet/vlan behind the firewall." Now, I can see the administrative pressure coming to use the VPN device (ASA5520) as the firewall and the VPN. Value engineering, IMO.

If we have to 'restart' the VPN for some reason, I don't want to restart the firewall. Further, I want the VPN traffic dumped where our IDS can see it before it goes elsewhere (hence the desire to put it on its own subnet).

I realize I'm somewhat inexperienced here, so any opinions from the list members would be appreciated.

Would you put an integrated device in front of your class B network and expect it to both protect (fw) and serve (vpn)?

If you had to support both internal customers using VPN for auth/encrypt access to 'special' ports related to secured apps as well as remote customers just trying to use vanilla 'lan' apps would you put your VPN on the border?

Thanks much!