Hello All,
We are going to set up a secure environment to access external routers
(located in a specific DMZ) for management purposes.
The initial idea was having a dedicated Nokia IP440 connecting to the
various routers via an IPSEC tunnel. That firewall itself is with one leg
in the management LAN, and the other leg in a firewall LAN connecting the
various DMZs.
So basically, the firewall would be the endpoint of all IPSEC tunnels to
the routers to be managed.
Being a Cisco-oriented person, I don't really like this solution as it will
be harder for me to manage the IPSEC side on the firewall, esp. when more
tunnels have to be added or removed.
This is why I thought of the following alternative, and it is for that one
that I would like your opinion.
My suggestion is to put a dedicated IPSEC VPN router between the firewall
and the routers to be managed. The firewall would then have only -one-
IPSEC tunnel towards the dedicated router, and that dedicated router would
then be the endpoint of all IPSEC tunnels to the other Cisco routers to be
managed.
I hope I described the setup in an understandable way.
I would appreciate any comments on this, esp. if someone already has
experience with it.
Thanks,
...Giorgo