09-11-2002 04:32 PM - edited 02-21-2020 12:03 PM
I would like some feedback on where everyone is placing their VPN Concentrators.
I know general deployment recommends running parallel to the inside and outside interface of the firewall. Is anyone running their outside VPN interface on a DMZ?
-dl
09-11-2002 06:28 PM
Yes, we do it. I think the VPN 3000 doesn't have DoS protection on itself, so it would be better to protect this interface (VPN3000's outside I/F) by a firewall. Make sure you don't get a bottleneck on the firewall.
09-15-2002 06:32 PM
We run inside the firewall as well. I was concerned that we would take a bit of a performance hit but so far it seems OK.
09-24-2002 06:39 AM
David,
If 3005 is placed behind a firewall, how would the servers behind 3005 respond to outbound requests?
Steve
09-25-2002 09:26 PM
Ours usually uses an L3 switch between the servers and the Concentrator/Firewall. Outbound traffic from the servers (with a destination to a public IP address) goes to the Firewall directly (this traffic will not be encrypted). Outbound traffic from the servers with a destination to the other encryption domain goes to the Concentrator (this traffic will be encrypted).
Regards,
Engel.
09-16-2002 04:42 AM
A third vote for standard deployment on a DMZ interface of the firewall. Protection from DoS, use a static NAT address so the real IP is hidden also...