Posted by Leythos on April 19, 2005, 9:54 pm
On Tue, 19 Apr 2005 14:41:24 -0700, aether8203 wrote:
> We are trying to establish a VPN from a small office back to the
> corporate intranet. For the small office we have a simple PIX firewall
> and for the corporate side, we have a Sidewinder (3 "burbs": external,
> internal, DMZ).
>
> My idea is to put a PIX firewall in the DMZ and the distant small office
> will have an encrypted tunnel between PIX to PIX. But then I would have
> to pop a HUGE hole in the Sidewinder to allow traffic back into the
> internal area. Isn't a DMZ not supposed to have traffic into an
> internal area? Isn't that the point of a DMZ? Traffic stays out of the
> internal network but internal can still get to the DMZ?
>
> Would it be better if I made the Sidewinder just be one of the "ends" of
> the VPN? So I would have PIX to Sidewinder?
>
> Any information on that type of configuration?
I don't have a Sidewinder, but if you can't do a site-to-site VPN then you
need to get a different firewall. You should be able to set up a PIX to
Sidewinder IPSec tunnel, then create rules that allow/deny access from
each side to the other.
--
spam999free@rrohio.com
remove 999 in order to email me