Newbie - VPN Appliance Question

Unanswered Question
Jun 28th, 2007

I have a vendor who needs to run his pharmacy robot network in a private IP space. The server in this network is a Windows 2003 server with 10 Windows XP Pro clients. Our network is a large AD2K forest but is behind a firewall. All servers are Windows 2003 and all clients are Windows XP Pro with personal firewall activated and centrally managed.

Here's the question. To separate the robot network from our network but allow bidirectional traffic between it and one server sitting on our network, does this require just one VPN appliance that would essentially do a NAT, or two VPN appliances - one sitting at our server and one sitting on the edge of the robotic network?

What is the best solution for network isolation but allowing the one server to talk to the robotic network?

s-doyle Wed, 07/04/2007 - 07:22

Network address translation will be the best solution in this regard.

jaffer_sathik2010 Wed, 07/04/2007 - 07:46


I assume your topology would be similar to this

(robot network)----(Internet)-----(your network)

There are two possibilities:

Case 1:

*Install a VPN gateway at each end-point of the network.

*Use this option when you have servers installed in both places and want to access from both directions.

*This is called site-to-site VPN.

Case 2:

*Install a VPN gateway at the one end-point where you have installed the server.

*Use this option where you have a server installed at only one end-point and you initiate connections from only one direction.

*This is called Remote-Access VPN.

Hope it will help you a bit.


