Public/private addressing is irrelevant; you only need public addresses at
your border routers, or you can use public addresses everywhere to avoid NAT
and external interconnectivity problems. The question seems to ask whether
corporate nodes have the ability to route to the Internet. Not a good idea;
everything should be proxied, whether it is for Internet access, VPN remote
access, or B2B data.

Sore subject is an understatement; most people have opinions about public
vs. private addressing that rival the fervor of most religious debates. This
could get ugly.

By the way, if you only have a single DMZ, and are hosting websites, you
have bigger issues. You should be using a layered firewall design.

Erik Mintz
| Casey
|
| >From: Steve Smith <[EMAIL PROTECTED]>
| >Reply-To: Steve Smith <[EMAIL PROTECTED]>
| >To: "'[EMAIL PROTECTED]'"[EMAIL PROTECTED]
| >Subject: security
| >Date: Tue, 22 Aug 2000 20:34:54 +0000
| >
| >Hey gang, a little OT but here it goes. I need a few "expert" opinions on
| >a sore subject.
| >
| >If you have a big WAN, ATM DS3 connecting 6 cities, with a single internet
| >access point. Our "security" manager feels that we should have public IPs
| >running in our DMZ and our WAN from city to city. Then NAT/PAT into each
| >location. The other way would be to have a DMZ at the internet access point,
| >leave them public for web servers and such, then NAT/PAT through the
| >firewall for the rest of the WAN.
| >
| >Any feelings?
| >
| >Thanks in advance.
| >Steve
|
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]