Remember most VPN boxes must have a valid (non-natted) external outside
address. If this is the case you could put it off your DMZ interface.
Although I assume if you are doing a site to site VPN that you will probably
add routes for the remote networks and define the VPN as the gateway. All
other traffic could go to your default gateway.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Bass
Sent: Wednesday, January 03, 2001 8:29 AM
To: [EMAIL PROTECTED]
Subject: Re: VPN location
I'd put it in a DMZ off the PIX.
""SH Wesson"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'm installing a new VPN box. Traditionally, where in the network does
the
> VPN box reside. Does it run parallel to the PIX firewall and be connected
> to the inside the same way as the pix or should the VPN box be located in
> the DMZ with a secure tunnel created between the VPN box and the PIX
> firewall and all requests to the inside network would go through PIX
firwall
> via conduits, etc. Thanks.
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
