Motopsycho
ISP
After reading various posts regarding VPN Concentrators, I am thinking of proposing the idea to relocate our corporate concentrator to our DMZ. Before I go ahead with the idea, I want to make sure I have all of my bases covered. My thoughts are to create 2 VLANs in the DMZ, one specifically for the VPN traffic from the concentrator. We're running a Cisco PIX 520 with 6.3 IOS which will support multiple VLANs on one physical interface (in this case, the DMZ interface). From there it will hit a Cisco Catalyst switch and into the Cisco VPN 3000 Concentrator. Now I would think that once I create the VLAN for VPN traffic with an entirely different subnet than the first VLAN, all I would have to do is set up the PIX to allow whatever protocol/port I choose (e.g., port 3389) to access the corporate LAN and set up the outbound ACL as well. Is there anything I am missing or does anyone have any other suggestions?