Do we still need DMZ and VPN in IPv6 world

tommym121
tommym121 used Ask the Experts™
on
We create DMZ and VPN in IPv4 to protect and to access our internal network. When we are in IPv6, how do we create a DMZ or VPN do we need them?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
"Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
Strange question. IPv6 does nothing in regard of security or privacy, so yes, we will still need both DMZ and VPN.

A VPN does not only build a tunnel between two peers or networks, the traffic is authenticated and encrypted. Both can be very important parts of the tunnel.

A DMZ isolates a network from another one. The DMZ network usually isn't protected that much, and whenever access to the LAN is necessary, firewalling is asked for, to protect from malicious content.

Further, you can still have your private IPv6 addresses, which are not routable in the Internet - still you will need some kind of NAT for that. The "only" advantage of IPv6 directly visible is that the addresses will not get exhausted for the next decades.
David BeveridgeLinux Systems Admin
Commented:
A DMZ will make your firewall rules a lot simpler.  It's not *required* though.  if you did it with IPv4 you will probably continue to do it with IPv6, unless it was there just because of the IPv4 NAT.

Also NAT in IPv6 is poorly supported and difficult to implement and is generally a bad idea.

The VPN won't add any value unless it has some sort of encryption.

The methods for creating VPN and DMZ are similar in IPv6 and IPv4.

Author

Commented:
Thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial