Re: vpn



"Dave Beanie" <dbeanie@xxxxxxxxxxx> wrote in message
news:EEF38D23-E50F-4888-9546-EEA632C4F6BC@xxxxxxxxxxxxxxxx
is there a setting in the router that will allow more than one vpn at a
time?

Probably not. You are trying to use "home user" technology in a commercial
environment.

I will be connecting this at the customer's place to a T-1 which has a
CSU/DSU in the building, but I am planning on putting the T-1 directly to the
server, on one NIC and then the intranet on the other NIC

1. T1 comes into the CSU/DSU
2. CSU/DSU goes into the "real" Router (not a home user box) via Serial Cable
   into a Serial Interface (typically S0).
3. Ethernet Interface of the "real" Router (typically E0) goes into a
   reasonably decent Switch.
4. Switch is connected to by a Firewall Product from its Untrusted External
   Interface. The Firewall Product could be:
     MS ISA Server
     Cisco PIX or ASA
     Checkpoint
     WatchGuard
     .....probably a dozen other choices,...pick one
5. The Firewall Product connects to a LAN Switch with its Trusted Internal
   Interface
6. Rest of the LAN plugs into the LAN Switch or Switches
7. The Firewall Product is the *Only* device with two NICs (dual-homed)
8. Any "Public" devices with Public IP#s that are not part of the LAN will
   plug into the Switch that is between the Internet Router and the Firewall
   Product. The TCP/IP config must be statically configured. That would be the
   switch described in items #3 & #4 above.

The Firewall Product will double as the "VPN Server" that accepts incoming
VPN connections.

Outgoing VPN links from individuals should not be allowed, but can be done.
It should be fairly easy with the Cisco, Checkpoint, or WatchGuard because
they are fairly simple "NAT boxes" in spite of all the "features" they pile
on top of that. The MS ISA Server is much more complex and although it can
operate as a NAT Firewall, it can go well beyond that and operate as a Proxy
based Firewall using both CERN Compliant Web Proxy technology and Winsock
based technology. ISA will only allow outbound VPNs from individuals via
the NAT Service.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

