Win 2k, VPN & Firewalls (Solved)

Posted on 2002-04-04
Last Modified: 2010-04-13
We have a win2k server which we would like to use for VPN (win2k VPN) access to our network.  The server is NOT our domain controller.  I can see 2 options for our network and I would appreciate somebody pointing out the good and bad points of each.

1. Using 1 to 1 NAT on the firewall to the VPN server (VPN NIC) and the other NIC on the LAN.

2. The VPN NIC going to a public IP on our router (bypassing the firewall) and the other NIC on our LAN.

I would like the security of the firewall but I'm not sure of the implications of a user actually being inside our firewall and on our LAN before being authenticated by VPN (or does NAT prevent this?).

Any comments would be appreciated.

Thanks,

Stu.
Question by: stu_bill

Accepted Solution by: geoffryn (LVL 11, earned 50 total points), ID: 6918453
Assuming that you are using MS VPN and you configure the firewall correctly, the only traffic from the internet that will be allowed on your LAN is TCP port 1723 and GRE packets.  The firewall should only allow these packets to be forwarded to the VPN server.  Your real vulnerability is to brute force attacks on the passwords of the VPN server and man in the middle attacks on the VPN session itself.  Generally, this setup will be much more secure than having a naked interface from the VPN server on the internet.  With all security scenarios, you need to follow a defense in depth model and use complex passwords and manage the VPN server security tightly.
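As an added example that is not part of the original thread, here is what "configure the firewall correctly" in the accepted answer looks like as an actual ruleset for option 1. The firewall in the question is unspecified, so this assumes a Linux iptables firewall; eth0 (Internet side), eth1 (LAN side), 203.0.113.10 (the public address) and 192.168.1.5 (the VPN server's inside address) are placeholder names and addresses. Only TCP/1723 and GRE are NATed and forwarded, and only to the VPN server, so nothing from the Internet reaches any other LAN host before PPP authentication; the second function is a review check that the forwarded destinations really are just the VPN server.

```shell
#!/bin/sh
# Added example, not from the original thread: an iptables ruleset that
# implements option 1 ("1 to 1 NAT on the firewall to the VPN server") the
# way the accepted answer describes it. Assumptions: a Linux/iptables
# firewall, eth0 facing the Internet, eth1 facing the LAN, 203.0.113.10 as
# the public address mapped to the VPN server's inside address 192.168.1.5.

# Prints an iptables-restore ruleset. Apply on the firewall with:
#   gen_pptp_forward_rules 203.0.113.10 192.168.1.5 | iptables-restore
gen_pptp_forward_rules() {
    pub_ip="$1"        # public IP that remote PPTP clients dial
    vpn_ip="$2"        # VPN server's NIC on the firewall's inside segment
    wan="${3:-eth0}"   # Internet-facing interface (assumed name)
    lan="${4:-eth1}"   # LAN-facing interface (assumed name)
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# "1 to 1" NAT, but only for what PPTP needs: the TCP/1723 control
# connection and GRE (IP protocol 47) carrying the tunnel itself.
-A PREROUTING -i $wan -d $pub_ip -p tcp --dport 1723 -j DNAT --to-destination $vpn_ip
-A PREROUTING -i $wan -d $pub_ip -p gre -j DNAT --to-destination $vpn_ip
# Replies from the VPN server leave with the public address.
-A POSTROUTING -o $wan -s $vpn_ip -j SNAT --to-source $pub_ip
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets belonging to flows already accepted may continue.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New Internet-to-LAN traffic may reach only the VPN server, and only on
# TCP/1723 and GRE. Anything else arriving on $wan for the LAN (SMB, RDP,
# the domain controller, ...) hits the FORWARD DROP policy, so a remote
# user is not "inside the LAN" until PPP has authenticated them.
-A FORWARD -i $wan -o $lan -d $vpn_ip -p tcp --dport 1723 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $wan -o $lan -d $vpn_ip -p gre -j ACCEPT
# LAN hosts (including the VPN server) may initiate outbound connections.
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Review helper: lists every destination that new Internet-to-LAN traffic
# is allowed to reach. For this ruleset it must be the VPN server alone.
inbound_forward_targets() {
    gen_pptp_forward_rules "$@" \
        | grep -- '^-A FORWARD -i [^ ]* -o [^ ]* -d ' \
        | sed 's/.* -d \([^ ]*\) .*/\1/' \
        | sort -u
}
```

On Linux the PPTP conntrack helper modules (nf_conntrack_pptp and nf_nat_pptp) are normally loaded alongside a ruleset like this so GRE calls are tracked per PPTP session rather than by the generic protocol tracker. The ruleset only addresses what the firewall can do; the brute force and man in the middle exposure the answer mentions lives on the VPN server and its authentication settings, not in the NAT.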
Expert Comment by: oricks, ID: 6918652
It depends on what firewall you are using. I have a Watchguard Firebox II and I was able to set up PPTP VPN users that authenticate to the firewall's external IP address with a user name and password that I assigned. It then issues a private IP address to that incoming VPN connection and I then have the user use Terminal Services to connect to a specific server. Find all the info you can about your firewall or use tech support. This method works pretty slick for me.