firewall - vpn question

dave dave — Mon, 11 Mar 2019 22:03:33 GMT

hi! I've a firewall with 4 nic card, 2 of those nics are connected to the public and private dmz respectively. The remaining 2 nics are connected to the public internet and internal lan each.

eg.

Nic1 - Public DMZ

Nic2 - Private DMZ

Nic3 - Internet (telco router)

Nic4 - Internal LAN

If' I would to setup a vpn concentrator (for small sites to establish tunnel to it) which itself is a firewall, what's the advantage of having these vpn concentrator on the public/private dmz zone over direct connection to the internal lan? and vise versa? Thanks.

firewall - vpn question

mvsheik123 — Mon, 19 Dec 2011 16:24:09 GMT

Hi,

Cisco VPN concentrator is not a pure firewall- below is the extract from Cisco VPN conc Q&A with ref to the same:

Q. Does the Cisco VPN 3000 Concentrator Series have an integrated firewall? If so, what features are supported?

A. While the series has integrated stateless port / filtering capabilities and NAT, Cisco suggests you use a device like the Cisco Secure PIX Firewall for the corporate firewall

With reference to placement of the VPN concentrator, it can be placed in front of, behind, parallel to, or in the demilitarized zone (DMZ) of firewall based on your design requirement.

The DMZ implementation- gives you more control on what the remote users can access (good in terms of firm security). In parallel to ASA - basically opens your LAN for remote partners.

hth

topic firewall - vpn question in Network Security

firewall - vpn question

firewall - vpn question