How come the client couldn't just come in over the VPN? It's easy enough to set up a user on a VPN Concentrator or PIX. How is the VPN authenticating users (LDAP/AD, PAM, local)?
Could your company not have set up an L2TP connection with the client and have him connect that way? That way he wouldn't have to install the Cisco VPN client if he didn't have it already (the install requires a reboot because it makes a virtual network adapter).
If you're going to open your firewall for any reason, you want to section off what is going to be needed to a different VLAN, so as not to allow access to other machines.
I guess I don't see why your "systems guy" didn't think about some of this before just opening your firewall to the outside world. Hence, the purpose of firewalls.
Just my $0.02.
__________________
"You hear the one about the fella who died, went to the pearly gates? St. Peter let him in. Sees a guy in a suit making a closing argument. Says, "Who's that?" St. Peter says, "Oh, that's God. Thinks he's Denny Crane."
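The segmentation point above (open only what is needed, and only into a separate VLAN) can be turned into a pre-flight check before a firewall rule goes live. The following is an added Python example, not code from the original poster; the VLAN ranges, the rule format and the sample rules are constructed assumptions for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed network plan (assumption, not from the post): the isolated VLAN
# the outside client is allowed into, and the internal LAN that must stay unreachable.
CLIENT_VLAN = ip_network("10.50.0.0/24")
INTERNAL_LAN = ip_network("192.168.1.0/24")

# Constructed sample ruleset: each entry is one proposed inbound allow rule.
# port 0 / proto "any" is this example's convention for "all ports and protocols".
PROPOSED_RULES = [
    {"src": "203.0.113.10/32", "dst": "10.50.0.5", "port": 3389, "proto": "tcp"},    # one client IP to a jump host in the client VLAN
    {"src": "0.0.0.0/0",       "dst": "10.50.0.5", "port": 3389, "proto": "tcp"},    # same host, but open to any source
    {"src": "203.0.113.10/32", "dst": "192.168.1.20", "port": 445, "proto": "tcp"},  # lands on the internal LAN
    {"src": "203.0.113.0/24",  "dst": "10.50.0.5", "port": 0, "proto": "any"},       # all ports to the jump host
]


def check_rule(rule, client_vlan=CLIENT_VLAN, internal_lan=INTERNAL_LAN):
    """Return the policy findings for one inbound rule; an empty list means it passes."""
    findings = []
    src = ip_network(rule["src"], strict=False)
    dst = ip_address(rule["dst"])

    # Destination must be inside the segregated VLAN, never the internal LAN.
    if dst in internal_lan:
        findings.append("destination is on the internal LAN, not the isolated client VLAN")
    elif dst not in client_vlan:
        findings.append("destination is outside the isolated client VLAN")

    # Source should be the client's known address(es), not the whole Internet.
    if src.prefixlen == 0:
        findings.append("source is any-address; restrict to the client's known address")

    # Only the single service the client needs should be reachable.
    if rule["port"] == 0 or rule["proto"] == "any":
        findings.append("rule exposes all ports/protocols; limit to the one service needed")

    return findings


def review_ruleset(rules):
    """Map each rule's index to its findings so a reviewer can see what to fix before deploying."""
    return {i: check_rule(r) for i, r in enumerate(rules)}


if __name__ == "__main__":
    for idx, findings in review_ruleset(PROPOSED_RULES).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"rule {idx}: {status}")
```

Only the first sample rule passes: a single known client address, one port, and a destination inside the segregated VLAN. The other three are exactly the kinds of rule the post warns about, and the checker names the reason for each so the "systems guy" has to consciously override it rather than open the firewall by default.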