JamesLuther Fri, 02/13/2009 - 02:24

If you are trying to SSH to host inside the VPN encryption domain, then no. If you want to SSH to the VPN endpoint itself then yes.

nishit.patel Fri, 02/13/2009 - 02:33

What we are trying to do is:

- Nat 217.169.63.147 to redirect to an internal IP of 195.118.216.164

- Open the firewall to allow port 22 inbound to 217.169.63.147 (before the changes get made that port 22 would need to be opened if we already have a VPN tunnel?)

Scenario is - files will be sent from one side of the VPN tunnel (Riskwrite) through SFTP (22) to our server of x.x.216.164

JamesLuther Fri, 02/13/2009 - 02:41

Hello,

Opening port 22 or ceating a VPN are both technically possible it depends on your companys security policy.

I assume IP 195.118.216.164 is in a DMZ? In all companys I've worked for there are certain security processes around allowing file transfers from 3rd parties and in particular from the internet. Using SFTP is good but is preferable if you can lock this down to certain source IPs and the destination server should be in a DMZ NOT the internal network.

Thanks

Actions

This Discussion