Posted on 2006-11-11
Our startup company has licensees who license our software. The data they collect with our software is our intellectual property per our license agreement.
We need to collect the licensees' data and copy it to our databases, which gives the licensees as a whole a greater chance to help clients, due to a bigger database.
I want to set it up like a secure web server topology, using Cisco VPN and PIX firewall since I already have that in place. I will just make a 2nd VPN group per what I want. However, it's not really a web server; only the licensees will have access via VPN. The only way they get our software is by us putting it on a computer and giving them the computer. I am going to set up the Cisco VPN client on these boxes (image) so they have to do very little. We may just have an icon they can use that runs a script to copy everything over after they connect the VPN.
[Licensee uses Cisco VPN client to connect] ------> [to "External_PIX" - VPN group only allowed here] -----> ['web server' they drop their data on] ---connected to-----> ["Internal_PIX"] ----> [private network]
Would it be more secure to use different networks and NAT each side of both PIXes? How do I only allow external VPN to just the one box while still only allowing legit traffic to our internal network? Is it better to have a different internet connection for each PIX? If so, that would be OK; I have a couple of global IPs to use, and I already have our internet plugged into a little switch so our wireless and internal net use different global IPs. Please advise me on some of the most secure best practices for accomplishing what I'm trying to do. Thanks in advance. I will ask as many questions as needed to give as many points as required to get this all done.