Years back, I worked on a network where we had a requirement like this, which we met by deploying a PIX as gateway with an attached TACACS+ server. Clients who telnetted to the gateway and authenticated against TACACS+ got access to the network beyond the gateway. More recently, I've been using some of the authentication services offered by CheckPoint's FW-1 firewall and BlueSocket's "wireless" security box. I suspect that user authentication as a firewall feature has become fairly widespread, although I'm not sure how common on boxes costing less than about $10K.
David Gillett

> -----Original Message-----
> From: Bob Freeman [mailto:[EMAIL PROTECTED]
> Sent: August 6, 2003 08:58
> To: [EMAIL PROTECTED]
> Subject: Securing Web access from internet
>
> Hi everyone,
>
> We have a web application on our LAN (based on IIS) and we want to make this web application available from the internet for specific users/workstations.
>
> 1) I want to make sure that these users/workstations are authenticated BEFORE accessing the local network.
> 2) I want to make sure that the information transiting on the public network is encrypted.
> 3) I would prefer to not have anything to install on the remote workstations (if possible).
> 4) I don't want a VPN solution.
>
> I don't know much about the product I need, but I suppose it would be a kind of web relay/authentication server installed in our DMZ. Do you have a product to propose?
>
> Thanks
> Bob Freeman