<div>
<div class="content wysiwyg-content">
I have a class c internal lan and will be implementing vpn. I would like my vpn clients to securely access my internal resources via vpn and be able to browse internet at the same time. I've read articles that seem to suggest this is not recommended as the vpn client can become a virtual gateway into the corporate network for hackers. <br />
<br />
My questions are:<br />
Do I assign an offset ip address range to my vpn clients e.g use class A addresses for vpn clients to prevent users being able to surf and access vpn resources simultaneously<br />
Do I need to assign static vpn IPs or can i get dhcp working for my vpn clients<br />
<br />
I'm using checkpoint fwall &amp;&nbsp;vpn
</div>
</div>


I have a class c internal lan and will be implementing vpn. I would like my vpn clients to securely access my internal resources via vpn and be able to browse internet at the same time. I've read articles that seem to suggest this is not recommended as the vpn client can become a virtual gateway into the corporate network for hackers. 

My questions are:
Do I assign an offset ip address range to my vpn clients e.g use class A addresses for vpn clients to prevent users being able to surf and access vpn resources simultaneously
Do I need to assign static vpn IPs or can i get dhcp working for my vpn clients

I'm using checkpoint fwall & vpn

Assigning vpn client ip address range

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Software Firewalls

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.