Clustered firewalls bring their own set of issues, not the least of which is cost, as you mention.
Second, separate firewall and VPN access points make good sense in that the net result is less chance of configuration error, which can be very difficult in a single box strategy. And seeing as misconfiguration is the number one cause of firewall vulnerabilities, I'd say that the risk of having multiple connect points is less than that of misconfiguring a monolithic ingress/egress point. And you really don't want to know about the third ingress/egress point we just ordered for our location, either.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: Aaron Brasslett [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 20, 2002 9:57 AM
> To: NT 2000 Discussions
> Subject: RE: Minimum VPN req's
>
> You now have another point of attack on your network. Two boxes to support,
> upgrade, and patch for the latest security vulnerabilities.
>
> If budget isn't a problem, install a clustered firewall.
>
> You could also place the VPN box behind your primary firewall. In short,
> there are a lot of options beyond paralleling firewalls.
>
> Aaron
>
> -----Original Message-----
> From: Robert Gonzaga (306) [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 18, 2002 5:22 PM
> To: NT 2000 Discussions
> Subject: RE: Minimum VPN req's
>
> Explain why it doesn't make sense.
>
> -----Original Message-----
> From: Aaron Brasslett [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 18, 2002 2:12 PM
> To: NT 2000 Discussions
> Subject: RE: Minimum VPN req's
>
> Why would you put your VPN box in parallel with the PIX? Why wouldn't you
> support the VPN on one of the existing PIXs? Parallel firewalls don't make
> a lot of sense.
>
> Aaron
>
> -----Original Message-----
> From: Robert Gonzaga (306) [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 18, 2002 5:03 PM
> To: NT 2000 Discussions
> Subject: RE: Minimum VPN req's
>
> I set up our VPN box in parallel with our 2 PIXs. You need a public IP for
> the outside and a private IP on the inside. Pop in your PDC info, WINS and
> pool of addresses for the clients and that's basically it. It's fast. You
> can use your existing Windows client but I'd recommend the Cisco software
> that comes with the concentrator. The client is a free downloadable from
> Cisco if you have a CCO login.
>
> -----Original Message-----
> From: Lum, David [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 18, 2002 2:00 PM
> To: NT 2000 Discussions
> Subject: Minimum VPN req's
>
> All this talk of VPN...what's the absolute minimum equipment to VPN if both
> sides already have fast internet? Software/hardware. I currently dial in via
> PCAnywhere to one site, but I'd love to utilize my DSL and their broadband
> connection to connect.
>
> Dave Lum - [EMAIL PROTECTED]
> Sr. Network Specialist - Textron Financial
> 503-675-5510
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to %%email.unsub%%
