
Initial VPN design 2


chadell

Instructor
Sep 13, 2001
21
ES
I have to design a VPN environment and I would like to know the possible options to develop this work.
I understand it's a generic question, but I think it is important to have different possibilities.

Initially I had thought of router-to-client, but I am not sure that it's the best choice.

I'll be thankful for any proposals that you send me.
 
I would suggest to put a server in a DMZ,
only allow the VPN ports to the server in the DMZ,
and then connect from a second NIC in the server to the LAN
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 
Thanks for your idea, but my problem is to choose whether I'll use a firewall (like PIX), a router (like Cisco 7204) or another device on the enterprise side.
On the client side I would use VPN software, but I don't know which is the most appropriate either.
 
It doesn't matter which type of firewall you use, as long as you allow only the ports that are really needed (to your DMZ machine).

If you use plain Win2K as VPN server, you can use Win9x, WinNT4 and Win2K as a client... works great.
You can also implement a certificate authority and use smart cards for additional security.
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 
Which do you advise me to use as the server of my VPN, a Cisco 7204 router or a Win2k, behind the router, as a server?
If I would implement a certificate authority and smartcards, which possible methods exist?
Thanks for your answers.
 
Then I would go for the Win2K solution (if you plan on using CA and smartcards).
You can try out equipment from Gemplus (they have fine & rather cheap readers/writers and cards)...
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 
Win2k is a cheaper solution but not better than Cisco's performance. Cisco IOS encryption software is very good, but the 3000 concentrator is better (dedicated & hardware) versus the software-based VPN in Win2k (come on, it's Windows). I agree with peterve about using CA and smartcards, which could also be used with the Cisco; well, I know CA does.
 
Where can I get information about CA and smartcards?
Is it only possible to use them with Cisco software, or can I use them with Win2k?
 
You can set up a CA in Win2K, no additional software or licenses are needed...
If you want to test IPSec tunneling, let me know... I will send you my personal procedure on how to set it up...
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 
Thanks Peterve for helping me, I would like you to send me this information.
 
Peter,

Can you send me your personal procedure too?
Much appreciated :)

TheSaint
arno.vannijnatten@tie.nl
 
Guys, please send your email addresses to peter.ve@pandora.be
I will return your mail with the procedure...

---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 