Objective: Provide site-2-site VPN, remote access VPN and protect the server farm.

Which is a better design? I feel much more comfortable having the VPN concentrator protected by the firewall; however, at the same time, both encrypted and decrypted traffic will have to traverse the firewall twice, thus it may impact the firewall performance.

I prefer design_2, but I would like to get comments from security gurus in this forum. Thanks.