In order to secure important data we decided to place a VPN 3005 between the private VLAN the servers are on and the rest of the network. We do have an external VPN 5001 for remote access, and my concern is remote users coming into the network over the external VPN and using resources on the secure VLAN.
I am just wondering if anybody has implemented a similar scenario and what implications, VPN client conflicts, etc. to expect. I'd appreciate any suggestions on the design/implementation as well.
If the traffic from your end systems to your servers is highly sensitive and needs to be guarded against snooping, encrypting it is probably the best idea. The problem then would be what to do with the user traffic coming in via the VPN 5001 and directed to the servers. I guess I would have directed the traffic to a router with LAN-to-LAN VPN connectivity to the concentrator next to the servers. On the other hand, if all that you are trying to do is to protect your server by restricting access to it, the ideal way to do that would be to use a PIX firewall. Users coming in from the outside via the VPN 5001 would end up on the outside interface of your PIX. Users on the local network would be placed on the inside interface. The servers would be placed on the DMZ. With this physical setup and using conduits or access-lists you can tightly control access to the server.
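The three-interface PIX layout described in the answer above, written out as an added illustrative PIX 6.x configuration (not the poster's config; all addresses, interface names and the HTTPS-only rule are assumptions made up for this example). The point is that the server VLAN sits on the DMZ interface and both the remote-access pool and the internal LAN reach it only through explicit access-lists:

```cisco
! Interface roles and security levels: VPN users land on outside (0),
! local users on inside (100), protected servers on dmz (50).
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
! Constructed example addressing
ip address outside 192.0.2.1 255.255.255.0
ip address inside 10.1.0.1 255.255.255.0
ip address dmz 10.1.50.1 255.255.255.0

! Identity statics so the server keeps its real address from both sides
! (a static is required before lower-security interfaces can reach it).
static (dmz,outside) 10.1.50.10 10.1.50.10 netmask 255.255.255.255
static (inside,dmz) 10.1.0.0 10.1.0.0 netmask 255.255.255.0

! Remote-access clients (assumed pool 10.9.0.0/24 handed out by the VPN 5001)
! may only reach the server on HTTPS; everything else is dropped and logged.
access-list from_outside permit tcp 10.9.0.0 255.255.255.0 host 10.1.50.10 eq 443
access-list from_outside deny ip any any log
access-group from_outside in interface outside

! Local users get the same narrow rule; inside->dmz is otherwise open by
! default on a PIX, so the explicit access-list is what enforces least privilege.
access-list from_inside permit tcp 10.1.0.0 255.255.255.0 host 10.1.50.10 eq 443
access-list from_inside deny ip any any log
access-group from_inside in interface inside
```

Because the VPN pool and the local LAN arrive on different interfaces, the two access-lists can be tuned independently, e.g. a tighter set of ports for remote users than for on-site staff.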