Karl,
	The reason that I brought up the distinction of business-to-business and
business-to-desktop was basically a matter of deployment. A B-to-B solution
is usually a pipe from one office's LAN to another, creating a VLAN
connection. A B-to-D solution is usually deployed so that
employees/customers/vendors can remotely access the company's LAN from their
home or on the road. In the B-to-B case, you have a setup similar to:
LAN ----> VPN SERVER ----> FIREWALL ------> INTERNET -----> FIREWALL ------> VPN SERVER -----> LAN
        It is basically a pipe through which all traffic flows. The VPN/Free S/wan
box on one side only talks to the VPN box/Free S/wan on the other side.
This sort of solution is usually deployed to allow several clients to
connect directly to resources on the other network without the use of VPN
client software loaded onto every system on the LAN. 
        A B-to-D solution looks like this:
VPN CLIENT -----> INTERNET -----> FIREWALL -----> VPN SERVER -----> LAN
        Although this is similar, the difference is that the VPN Client represents
a single PC with special software that allows it to connect to the VPN
Server. Also, there are usually other systems involved in a B-TO-D
solution, such as a RADIUS server, Authentication server, and
accounting/logging server, depending on your particular needs. These things
are not required in all situations, and depending on the products you
choose, some VPN switches can do all of this stuff natively. Also, in both
diagrams, the VPN servers can be on either side of the firewall, depending
on the firewall and security measures. 
	Hope this helps a little bit. I'm better at answering specific questions
than I am at general overviews. I'd make a lousy teacher! ;-)
Kenny

>At 10:59 AM 3/3/00 -0800, you wrote:
>>
>>Hi Ken,
>>
>>Could you and/or Brice define a bit more and elaborate on the sorts of
>>different issues that exist for "business-to-business" and
>>"desktop-to-business" VPN's?
>>(please try to limit issues to *Linux* VPN software if possible)
>>
>>I'm such an old-time/bone-head Unix user, if I see that "Free S/WAN"
>>is a solution (and GPL'd at that) to connect a Home (or SOHO) LAN to
>>a business LAN, I say: "Well, just use it on 1 machine, and there's
>>your 'desktop-to-business' solution"  ;-)
>>
>>Feel free to email just me rather than the list if you feel I'm taking
>>this thread down a rat-hole!
>>
>>
>>Karl Runge
>>
>>
>>On Fri, 03 Mar 2000, "Kenneth E. Lussier" <[EMAIL PROTECTED]> wrote:
>>> Karl,
>>>     I wasn't trying to say that either. I was just pointing out that Free
>>> S/wan is GREAT for business-to-business, but it is lacking in the
>>> desktop-to-business area. The IntraPort is great for desktop-to-business,
>>> but I honestly don't know how good it is for b-to-b, since I have never
>>> used it for that. There is also the PN7 by Unified Access Communications
>>> (http://www.uac.com). I think most VPN's do IPSec at this point. I like the
>>> idea of the home-grown solutions. I've actually been working on some stuff
>>> of my own in my spare time.
>>> Kenny
>>> At 07:31 AM 3/3/00 -0800, Karl J. Runge wrote:
>>
>>
>>**********************************************************
>>To unsubscribe from this list, send mail to
>>[EMAIL PROTECTED] with the following text in the
>>*body* (*not* the subject line) of the letter:
>>unsubscribe gnhlug
>>**********************************************************
>>

