Remote Access Server ( RAS ) is not a VPN. Although there are many definitions, and I have been in heated discussions off line with folks about this, I think a minimalist definition serves best. A VPN is a network which uses the public internet, or some other shared public facility, as its means of transport. Notice I do not say "a secure way of communicating across the internet" or other such things. This is because I believe that security is too important to be subsumed into or assumed to be part of the definition. When a user dials into a corporate RAS server, he is dialing into a private facility. When a user dials into an ISP and then connects to the corporate network, he is using a public facility. Yes, the ISP can be using RAS. But the transport from here to there is still publicly accessible and publicly shared. VPN's can be self contained within a single ISP. But the infrastructure is still public. I.e. available for the public to use. I separate out the issues of security, authentication, authorization, IPSec, L2TP, and so on, because I believe these issues must be discussed over, above, and apart from, the issue of transport. Many disagree, and include such things in their definitions. Vive le difference, as EC might say. HTH Chuck -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Billy Monroe Sent: Thursday, June 01, 2000 4:55 PM To: [EMAIL PROTECTED] Subject: Re: vpn By the way, could you clarify an information about VPN: RAS is a network-to-network connection, correct ? RAS (MS) uses PPTP to encapsulate PPP and establish a connection. Is RAS a VPN or not ? ""Albert Ip"" <[EMAIL PROTECTED]> wrote in message 001001bfcc0a$ba488f80$[EMAIL PROTECTED]">news:001001bfcc0a$ba488f80$[EMAIL PROTECTED]... > > My 0.02. > > If PISNet own the router, can you do an upgrade? Who will manage the > specification? If you found a port that need to be open, do you call PISNet? > > You can use the Proxy Server 2 as the access point. That is not recommended > by MS as that is your firewall. You can use another NT server behind the > firewall with PPTP (this will install RAS and bunch of other stuff on that > box). You just have to assign the port in the Proxy Server. For the > clients, you just have to install the PPTP protocol. As long as the client > is Windows, it would work. This setup is for only a few connections. > > Albert > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Chuck Larrieu > Sent: Thursday, June 01, 2000 12:37 PM > To: Parris, Brian; [EMAIL PROTECTED] > Subject: RE: vpn > > > 1) yes - to something that runs IPSec. May be a flash and mem upgrade as > well chances are very good that with more than a couple of simultaneous > tunnels, your router will crawl to a halt. > > some folks install a second device dedicated to tunnel/vpn traffic to keep > from bogging down the gateway > > internet------gateway-------firewall-----inside network > | | > vpn/tunnel--------| > > 2) don't know. Those wiser than I can answer. > > 3) Everything is a matter of degree. Cisco offers the IP/Firewall/IPSec IOS > and this is certainly one way of doing things. There are other ways. I think > it best to begin with a security policy statement, and work from there. > Decide what level of risk your company can tolerate ( meaning your top > management decides, and places this in writing ) and then evaluate different > ways of doing things based on this policy. > > > 4) Yes - a client VPN , referred to as "shim" software, installed on any > machine that wants to connect. In theory these are standards based and > interoperable. Don't count on it. Nokia/Checkpoint requires the Checkpoint > client. Cisco uses the IRE client, and IRE says that their client is > compatible for most uses, but you have to test. There are issues with any > shim software and any PC, NIC, and applications. Do not assume that this all > is plug and play. I have heard many a tale of woe from other SE's, and our > security group. > > Cisco also supports L2TP and PPTP, which require a Microsoft client piece > for windows users. > > Hope this gets you started. > > Chuck > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Parris, Brian > Sent: Thursday, June 01, 2000 11:42 AM > To: '[EMAIL PROTECTED]' > Subject: FW: vpn > > > Let me asking a specific question while this thread is running. > Our T1 to the internet is being handled by a Cisco 2514 w/IOS 11.1 running > on it. The router is owned by PSINet. Our security is just being handled > by our Proxy Server 2.0 . > We have a lot of outside salesman starting to jump on the broadband > bandwagon and have found a severe need for a VPN. > So my question is............. > 1. Do I need to upgrade our IOS version? > 2. Should I (or have to) get rid of the Proxy Server? > 3. Can I control all our security through the router? > 4. Do I need any special software for the clients? > > Any help would be greatly appreciated. > TIA, > Brian Parris > Systems Administrator > Carotek, Inc. > > -----Original Message----- > From: Irwin Lazar [mailto:[EMAIL PROTECTED]] > Sent: Thursday, June 01, 2000 1:37 PM > To: 'Jesus Suarez Gonzalez'; [EMAIL PROTECTED] > Subject: RE: vpn > > try: > http://www.itprc.com/vpn.htm > irwin > -----Original Message----- > From: Jesus Suarez Gonzalez [mailto:[EMAIL PROTECTED]] > Sent: Thursday, June 01, 2000 12:13 PM > To: [EMAIL PROTECTED] > Subject: vpn > > > I need materia of study about VPN, > where can i found this material. > > regards > > ___________________________________ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > ___________________________________ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > ___________________________________ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > ___________________________________ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > ___________________________________ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___________________________________ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___________________________________ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
