Any help with VPN termination?

Nick Phillips nphillips at jesna.org
Wed May 4 15:26:33 UTC 2005


Hi all,

I'm a relative newbie to VPN, and I've been asked to investigate setting up
a VPN for a small office of about 50 people. The network architecture is an
external firewall (which may be replaced with a firewall / VPN appliance,
probably Astaro at this point), a DMZ containing Linux web servers
(192.168.2.x), and an internal Linux firewall protecting the LAN
(192.168.1.x), composed of Windows XP machines, and also the file/mail
servers (which will be switched to Windows Server as per management's
request).

Now my question - where is the best place for the VPN to terminate, assuming
that VPN users need access to the file servers inside the LAN? With an
external firewall / VPN appliance, as far as I understand it, the VPN
sessions would terminate inside the DMZ, with an IP of 192.168.2.something.
Providing those VPN users with access to the fileservers inside the LAN
would require punching a bunch of holes in the internal firewall, right?
This isn't something that sounds too appealing to me. But what other
solutions are there? Is it preferable to forward the VPN connection to be
terminated on the inside firewall instead, so sessions would terminate
inside the LAN with a 192.168.1.something IP?

Could anybody with VPN experience suggest the best way to solve this? And
forgive me if I'm screwy with some of the details of how VPN works, I'm
still learning up on PPTP / L2TP / IPsec, etc.

Regards,

Nick Phillips
