Your branch locations are going to each have at least one "public"
address to connect their Internet line to -- the unsecured side of
their VPN box. The question is, do you want to allow connections
other than your VPN tunnels into each branch location, and/or do you
want users at those branch locations to access the public Internet
directly, or backhaul all of their traffic to headquarters to use
your main gateway. As usual, a policy decision needs to be made
between cost and security -- teh technology exists to implement
whichever policy is chosen.
(There is a mailing list that deals specifically with VPN issues,
hosted at securityfocus.com. You may get answers there from a
slightly different perspective than here.)
David Gillett
On 24 May 2001, at 19:19, Andy Haigh wrote:
> We are currently looking at putting in a VPN solution to some of our
> branches and I was wondering what the best way to map out the IP addresses
> to it. I know that I can have a single public IP address at the Head Office
> and connect each branch to that address and then using different private IP
> addresses to get the individual VPN's. I am wondering if there would be any
> merit in me having a different public IP address at the Head Office end for
> each of the VPN's. Your thoughts would be appreciated.
>
> Thanks
>
> Andy
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
