> Not really. The dial-up server would have to support management of the
> client software, including identifying what client software was running.
> Currently, RAS does not support this.
So you don't use RAS at the server end. If you're installing custom server
software anyway, why would you assume that you're using RAS? There's plenty
of other PPP solutions.
> In general, you shouldn't treat the VPN as if it's part of your corporate
> network. I would suggest putting the VPN on the outside of your firewall (or
> setting up appropriate filters on your VPN device if it has firewall
> features).
Oh, absolutely. That's the main point I'm making: a VPN is inherently exposed
to the Internet and should have its own DMZ, as should your PPP modem pool.
I'm just concerned by the tendency for people to set up a VPN that dumps you
right onto the corporate LAN.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
