From: Ron Royston (ccie6824@xxxxxxxxxxx)
Date: Fri Oct 19 2001 - 21:42:51 GMT-3
VPN, virtual private network, is the next best thing to being physically on
that network. I don't see the point in steering their traffic through a VPN
concentrator if they're already in. Why not put them on their own segment
and use ACLs to restrict their access?
>From: "Abraham, Ajith" <Ajith.Abraham@FLHOSP.ORG>
>Reply-To: "Abraham, Ajith" <Ajith.Abraham@FLHOSP.ORG>
>To: ccielab@groupstudy.com
>Subject: PIX to VPN Situation
>Date: Fri, 19 Oct 2001 08:48:30 -0400
>
>Dear Group:
>
>I would like to test a situation:
>
>INTERNET----VPN3000----INSIDE-NETWORK-----PIX-----REMOTEOFFICE
>              |                            |
>              |                            |
>              |----------------------------|
>                TUNNEL THROUGH THE NETWORK
>
>
>Assume that I want to allow a consulting group physically inside our
>network, access to the internet without any access to our network. If they
>need to access our network, they have to come in through VPN. So I thought
>it would be a good thing to have a tunnel through our network between the
>pix and the VPN (public interface). Is it possible? I have a pix506 and
>VPN3000.
>
>Or just do not be concerned with my diagram, instead shed some light on what
>you would do to give someone inside your system access to the internet,
>without having access to your network other than through VPN. Please keep
>in mind that consulting office to internet router separate cabling is a
>no-no. It has to tunnel through the existing network.
>
>Thank you folks. What will life be without this study group?
>
>Avran
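The separate-segment-plus-ACL approach suggested in the reply, modelled as an added example that is not part of the original thread: a first-match ACL for the consultant segment, checked against the flows the policy should permit or deny. All addresses are constructed, including the assumption that the concentrator's public interface has a private DMZ address, which is what makes rule order matter.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
VPN_PUBLIC = "172.16.1.10/32"   # concentrator's public interface (assumed DMZ address)
INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Ordered rules, applied inbound on the consultant segment's gateway interface.
# Each rule: (action, protocol, destination network, destination port or None).
ACL = (
    [("permit", "udp", VPN_PUBLIC, 500),     # IKE to the concentrator
     ("permit", "esp", VPN_PUBLIC, None)]    # IPsec ESP to the concentrator
    + [("deny", "ip", net, None) for net in INTERNAL]
    + [("permit", "ip", "0.0.0.0/0", None)]  # anything left is Internet-bound
)

def evaluate(acl, proto, dst, dport=None):
    """Return the action of the first matching rule; no match is an implicit deny."""
    addr = ipaddress.ip_address(dst)
    for action, r_proto, r_net, r_port in acl:
        if r_proto != "ip" and r_proto != proto:
            continue
        if addr not in ipaddress.ip_network(r_net):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"

# Flows a consultant host might send, with the outcome the policy intends.
EXPECTED = [
    (("tcp", "198.51.100.7", 443), "permit"),  # Internet web site
    (("udp", "172.16.1.10", 500), "permit"),   # VPN negotiation
    (("esp", "172.16.1.10", None), "permit"),  # VPN data
    (("tcp", "172.16.1.10", 23), "deny"),      # management of the concentrator
    (("tcp", "10.1.2.3", 445), "deny"),        # internal file server
    (("udp", "192.168.5.5", 500), "deny"),     # IKE to anything but the concentrator
]

def audit(acl):
    """Return the flows whose ACL result differs from the intended outcome."""
    return [(flow, want, evaluate(acl, *flow))
            for flow, want in EXPECTED
            if evaluate(acl, *flow) != want]

if __name__ == "__main__":
    print("as written:", audit(ACL))
    # Same rules with the internal denies moved ahead of the VPN permits.
    print("denies first:", audit(ACL[2:5] + ACL[:2] + ACL[5:]))
```

With the denies moved first, the two VPN flows are reported as mismatches, because the concentrator's assumed address falls inside a denied internal range.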
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:22 GMT-3