We have a win2k server which we would like to use for VPN (win2k VPN) access to our network. The server is NOT our domain controller. I can see 2 options for our network and I would appreciate somebody pointing out the good and bad points of each.
1. Using 1 to 1 NAT on the firewall to the VPN server (VPN NIC) and the other NIC on the LAN.
2. The VPN NIC going to a public IP on our router (bypassing the firewall) and the other NIC on our LAN.
I would like the security of the firewall but I'm not sure of the implications of a user actually being inside our firewall and on our LAN before being authenticated by VPN (or does NAT prevent this?).
Any comments would be appreciated.