Just so you know, 3DES comes standard on the PIX line now. You just have to specify that at time of ordering (or it comes with DES only). If you use OS 6.3x you get AES encryption.

Same domain across all the sites?

DC at each site?

Cheesy diagram follows:

(workstations)--[SRV]-(FW)-(RTR)--(INET)--(RTR)-(FW)-[SRV]--[workstations]

Or are you thinking of having an extra server act as a VPN point?

[File/DC SRV]--[VPN SRV]-(FW)-(RTR)--(INET)--(RTR)-(FW)-[VPN SRV]--[File/DC SRV]--[workstations]


FW = Firewall; RTR = Router; VPN SRV = 2-NIC server that acts as traffic filter

If you are not buying separate firewalls then you NEED ISA Server 2000 (to stick to the MS way) - that's money too though.

For the cost/administration and configuration, I'd go the firewall/VPN way.

VPN is a part of most firewalls today. Just make sure you have one that's really good and doesn't [EMAIL PROTECTED] you on licenses (Checkpoint and others).

If you want to flesh some ideas out, let me know...

-James


At 07:48 6/12/2003, you wrote:
At the end of the day that's exactly what I hope to achieve. I guess
what I'm looking at is this:

All sites will have a Windows 2000/2003 box and will all be on a
different subnet. Rather than incur the cost of VPN licenses on the
firewalls, I'd like to use the existing capability of the servers.

The central server (hub) would provide site to site VPN eliminating any
overhead on the clients.

Any flaws to that line of reasoning?

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 8:18 AM
To: NT 2000 Discussions
Subject: RE: VPN Pass Through Firewalls

Why not set up a VPN mesh (or hub-and-spoke) via the firewalls?  Let them
handle the VPN's and let the servers do the serving? :-)  It'll reduce the
CPU and configuration on the clients too.

At 21:13 6/11/2003, you wrote:
>Right now this is purely hypothetical as I'm just investigating
>alternatives that might come into play at a number of locations. That
>said, for the most part only one external IP address.
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of
>[EMAIL PROTECTED]
>Sent: Wednesday, June 11, 2003 9:40 PM
>To: NT 2000 Discussions
>Subject: Re: VPN Pass Through Firewalls
>
>As I am sure the list would expect, a Cisco PIX would handle this  with
>ease.
>
>How many external IP's do you have?
>
>
>
>At 13:56 6/11/2003, you wrote:
> >Hi,
> >
> >I'm interested in some options for firewalls that can be configured to
> >pass Windows 2000/2003 VPN traffic. In other words, I want to use RRAS
> >to create the tunnels and have it work through a firewall.
> >
> >Any suggestions?
> >
> >
> >
> >Glen L. Bowes
> >MCSE, CCNA, A+, Net+
> >[EMAIL PROTECTED]
> >
> >
> >
> >------
> >You are subscribed as [EMAIL PROTECTED]
> >Web Interface:
> >http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=english
> >To unsubscribe send a blank email to %%email.unsub%%