stu_bill
asked on
Win 2k, VPN & Firewalls
We have a win2k server which we would like to use for VPN (win2k VPN) access to our network. The server is NOT our domain controller. I can see 2 options for our network and I would appreciate somebody pointing out the good and bad points of each.
1. Using 1 to 1 NAT on the firewall to the VPN server (VPN NIC) and the other NIC on the LAN.
2. The VPN NIC going to a public IP on our router (bypassing the firewall) and the other NIC on our LAN.
I would like the security of the firewall but I'm not sure of the implications of a user actually being inside our firewall and on our LAN before being authenticated by VPN (or does NAT prevent this?).
Any comments would be appreciated.
Thanks,
Stu.
Depending on what firewall you are using. I have a WatchGuard Firebox II and I was able to set up PPTP VPN users that authenticate to the firewall's external IP address with a user name and password that I assigned. It then issues a private IP address to that incoming VPN connection and I then have the user use Terminal Services to connect to a specific server. Find all the info you can about your firewall or use tech support. This method works pretty slick for me.