09-11-2002 04:32 PM - edited 02-21-2020 12:03 PM
I would like some feedback on where everyone is placing their VPN Concentrators.
I know general deployment recommends running parallel to the inside and outside interface of the firewall. Is anyone running their outside VPN interface on a DMZ?
-dl
09-11-2002 06:28 PM
Yes, we do it. I think the VPN 3000 doesn't have DoS protection on itself, so it would be better to protect this interface (VPN3000's outside I/F) by a firewall. Make sure you don't get a bottleneck on the firewall.
09-15-2002 06:32 PM
We run inside the firewall as well. I was concerned that we would take a bit of a performance hit but so far it seems OK.
09-24-2002 06:39 AM
David,
If 3005 is placed behind a firewall, how would the servers behind 3005 respond to outbound requests?
Steve
09-25-2002 09:26 PM
Ours usually uses an L3 switch between the servers and the Concentrator/Firewall. Outbound traffic from the servers (with a destination to a public IP address) goes to the Firewall directly (this traffic will not be encrypted). Outbound traffic from the servers with a destination to the other encryption domain goes to the Concentrator (this traffic will be encrypted).
Regards,
Engel.
09-16-2002 04:42 AM
A third vote for standard deployment on a DMZ interface of the firewall. Protection from DoS, use a static NAT address so the real IP is hidden also...