Ivan,

You are correct in that the VPN3015 does not currently have a stateful firewall. It does support access control lists.

At this time there is no way to get through a VPN30xx concentrator other than using one of the VPN clients. To date there have been no compromises of that platform. I would suggest you look at installing the VPN3015 concentrator on a perimeter network off your existing firewall. That way the 3015 can be accessed by VPN clients on the Internet via its own public IP address. Any attempts to get through the concentrator would need to pass through the firewall, so you can enforce policy on anything that comes through the concentrator.

Liberty for All,
Brian

At 10:11 AM 10/16/2001 -0700, Ivan Lopez, TRI wrote:
>Message: 11
>From: "Ivan Lopez, TRI" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: CISCO VPN CONCENTRATOR, USE BEHIND A FIREWALL?
>Date: Tue, 16 Oct 2001 11:04:46 -0400
>
>We recently bought a Cisco VPN Concentrator 3015.
>We've been told that since it does not have firewall capabilities, it is
>not safe to have its outside interface on the Internet side.
>Is that true? Do we need to put a firewall in front of it?
>In that case, which ports need to be open?

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
