Yes. That solution compromises the DMZ. You will want to take into account your firewall and router architecture.
If you want something secure that you can set up today, and you have a small number of users to support then the easiest thing to do would be to outsource the functionality. I've used http://www.vpnondemand/ The bigger ISPs like Qwest also have solutions, when I needed to slap something together while I got my own resources together. If you need architectural input for deploying your own server then there are resources at: Microsoft http://www.microsoft.com/windows2000/technologies/communications/vpn/default .asp Generic http://www.vpnlabs.org Cisco http://www.cisco.com/warp/public/3/fi/doc/vpnlab.html .... to name just a few. There are product comparisons are http://www.networkcomputing.com A whole lot depends on the number of users you will be supporting the locations of the resouces they'll need access to and of course... the funds you have available. Sincerely, Robin Nicholson Magnetic Data Technologies llc. ----- Original Message ----- From: "Hague Nat" <[EMAIL PROTECTED]> To: "'Robert Hardy'" <[EMAIL PROTECTED]>; "'Jonathan Kimpson'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, February 07, 2002 9:39 AM Subject: RE: Comparison of VPN methods Surely this is compromises your DMZ ? ! ? It would be far better to have one NIC and use a rule base to manage traffic through the firewall !!!!!! -----Original Message----- From: Robert Hardy [mailto:[EMAIL PROTECTED]] Sent: 06 February 2002 18:05 To: 'Jonathan Kimpson'; [EMAIL PROTECTED] Subject: RE: Comparison of VPN methods Hello Jonathan, I set up our RAS server (W2K) with one interface in the DMZ and the other to our LAN... you'll probably want to use IPSec or other filtering to "lock down" the ports on the DMZ side. For PPTP you only need ports 47 (ip) and 1723 (tcp) open. It was fairly simple to setup and works well for us. Best Regards, Robert Hardy Ecliptek Corporation -----Original Message----- From: Jonathan Kimpson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 6:12 AM To: [EMAIL PROTECTED] Subject: Comparison of VPN methods I am being asked to setup a VPN arrangement for some of our staff to work from home. Our system is an NT domain behind a firewall and with a dmz. I would like to know if there are any comparisons of products/technologies to achieve such tasks as: - connecting to exchange server - connecting to SQL server - mapping drives I am a little confused as to the best way to deploy a solution- use PPTP out of an NT server or use L2TP on W2K? and where to place the server- in the dmz or within the LAN? If I employ NAT does that preclude me from one method? Any resources gratefully received. ___________________________ Jonathan Kimpson i�teba Phone: +44 (0)20-7841 3300 Fax: +44 (0)20-7841 3301 mailto:[EMAIL PROTECTED] http://www.iteba.com _______________________________ NOTICE - This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual to whom they are addressed. Contractual items and other documentation shall not be binding unless confirmed in hard copy, duly signed by an authorised person. If you have received this e-mail in error, please notify us as soon as possible. Thank you. This email contains information, together with any files transmitted with it, which is intended only for the use of the individual or entity to whom it is addressed. It may contain information which is privileged and confidential the disclosure of which is prohibited by law. If you are not the intended recipient, please note any dissemination, disclosure, distribution or copying of this communication or action taken in reliance on its contents is strictly prohibited. If you have received this email in error please notify us immediately and then delete and destroy the message from your computer. We thank you for your co-operation. N0d15 ############################################################################ #### A member of the Old Mutual group. Established 1845. Old Mutual International Services Limited is a private company limited by shares, incorporated in England and Wales under Registered No: 3532099. Its registered office is situated in England and Wales at 2 Bartley Way, Hook, Hampshire, RG27 9XA' ############################################################################ ####
