[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sidewinder
Subject:    RE: [Sidewinder] VPN configuration
From:       sidewinder-admin () adeptech ! com
Date:       2004-04-05 17:42:14
Message-ID: 200404071245.i37Cj2528000 () aag ! adeptech ! com
[Download RAW message or body]

I have a couple recommendations for this.  The first is to terminate the VPN
in a burb of limited trust (virtual or some safe DMZ maybe).  You only need
ONE security association (SA) to do this correctly, but your policy will need
to include both destination networks in the "local network/ip" area of the SA
to be defined.  The remote end should be capable of doing this as well.  Once
you have that much, you will also be able to restrict/allow ports/networks
with your security policy. 

-----Original Message-----
From: sidewinder-admin@adeptech.com [mailto:sidewinder-admin@adeptech.com] 
Sent: Friday, April 02, 2004 7:31 AM
To: sidewinder@adeptech.com
Subject: Re: [Sidewinder] VPN configuration

To have the ability to filter the connections that come over the VPN, you
will need to create a virtual burb.  The endpoint of the VPN will be this
virtual burb.  You then create rules to control the communications that are
allowed to/from the virtual burb to the internal burb.

Hope this helps.

sidewinder-admin@adeptech.com wrote:

>Our current VPN setup allows users from the outside to VPN in and drops them
off on the internal burb.  I have a vendor that needs remote access to some
servers that are going into two different DMZ's/burbs and need to figure out
how to allow access to those via the VPN.  Any tips or ideas are appreciated.
Thanks.
>
>Darren Windham
>
>_______________________________________________
>Sidewinder mailing list
>Sidewinder@adeptech.com
>http://mail.adeptech.com/mailman/listinfo/sidewinder
>
>
>  
>

--
-
- Bryan Swann (swann@spawar.navy.mil)  843/218-6610
- Eagan McAllister Associates, Inc.
-
-  Temporarily out of my mind, back in 5 minutes.


_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder


_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic