[Cialug] VPN server on Firewall or File Server
Mark Hesseltine
markhesseltine at gmail.com
Sat Jan 21 23:14:53 CST 2006
On 1/21/06, Claus Niesen <cniesen at gmx.net> wrote:
> Where do you recommend I put the VPN server? On the firewall or on the file
> server? My simplified network layout is:
>
> WLAN
> |
> +--------+ +----------+
> Internet --|Firewall|-- LAN --|FileServer|
> +--------+ +----------+
> |
> DMZ
>
> The VNP is mainly used for Samba and Windows shares.
>
> Thanks,
> Claus
>
> --
>
>
> DSL-Aktion wegen großer Nachfrage bis 28.2.2006 verlängert:
> GMX DSL-Flatrate 1 Jahr kostenlos* http://www.gmx.net/de/go/dsl
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
I think it makes the most sense to put the VPN server behind the
firewall. You can then use the firewall as the first layer of
protection, by only allowing certain IPs to come through to the VPN
server. The VPN would then be a second layer of protection, by
requiring authorization before allowing access to the LAN.
Otherwise, if the VPN is the only protection, a brute force password
attack could compromise your LAN security.
--
Mark Hesseltine
mailto:markhesseltine at gmail.com
More information about the Cialug
mailing list