Solved

Do we still need DMZ and VPN in IPv6 world

Posted on 2011-09-05
5
694 Views
Last Modified: 2012-05-12
We create DMZ and VPN in IPv4 to protect and to access our internal network. When we are in IPv6, how do we create a DMZ or VPN do we need them?
0
Comment
Question by:tommym121
  • 3
5 Comments
 
LVL 68

Accepted Solution

by:
Qlemo earned 250 total points
ID: 36485971
Strange question. IPv6 does nothing in regard of security or privacy, so yes, we will still need both DMZ and VPN.

A VPN does not only build a tunnel between two peers or networks, the traffic is authenticated and encrypted. Both can be very important parts of the tunnel.

A DMZ isolates a network from another one. The DMZ network usually isn't protected that much, and whenever access to the LAN is necessary, firewalling is asked for, to protect from malicious content.

Further, you can still have your private IPv6 addresses, which are not routable in the Internet - still you will need some kind of NAT for that. The "only" advantage of IPv6 directly visible is that the addresses will not get exhausted for the next decades.
0
 
LVL 19

Assisted Solution

by:bevhost
bevhost earned 250 total points
ID: 36486044
A DMZ will make your firewall rules a lot simpler.  It's not *required* though.  if you did it with IPv4 you will probably continue to do it with IPv6, unless it was there just because of the IPv4 NAT.

Also NAT in IPv6 is poorly supported and difficult to implement and is generally a bad idea.

The VPN won't add any value unless it has some sort of encryption.

The methods for creating VPN and DMZ are similar in IPv6 and IPv4.

0
 
LVL 19

Expert Comment

by:bevhost
ID: 36486047
0
 
LVL 19

Expert Comment

by:bevhost
ID: 36486049
0
 

Author Closing Comment

by:tommym121
ID: 36488055
Thanks
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Available cert SBS2008 for L2TP /IPSec 4 32
unknown svchost service useing lot of network resources 12 58
Routing Over XO Communications MPLS 7 44
Sonicwall blocks a site 49 58
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now