

Inhouse business partners VPN

By Marty J
We have an outsourced travel department that has 3 people who work at our facility. They use our intranet's web server, but that is the only domain resource. I am putting in a Nortel Contivity 100 to allow VPN tunnels back to their application servers. I would like to segment them off the network completely but, again, they need to use our intranet. What would be the simplest way of designing this? We have a Cisco 3015; can I create an inbound tunnel that they could come back in on? This might be a firewall nightmare.

by erikdr In reply to Inhouse business partners ...

Indeed, the U-turn route looks like a recipe to make your firewall unmaintainable.
Why not take an alternative, slightly less risky, approach: make the segmenting off from your LAN less 'concrete' and more 'filtered'. Between their LAN segment (which is used 99% for the VPN outside) and yours, put a router with a filter allowing solely the IP address of this intranet web server.
It will create some complexity in their workstations, because for 99% of the IP addresses they'd need to access the VPN route and for 1% not, but it seems more doable than U-turns...

Hope this helpz a bit,

<Erik> - The Netherlandz
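
The router filter suggested in the reply above, modelled as a first-match rule set with an audit that flags any permit from the partner segment reaching beyond the intranet web server. This is an added example, not part of the thread; the addresses, the web ports 80/443 and all names are constructed assumptions.

```python
import ipaddress as ip

# Constructed sample values (assumptions, not from the thread).
PARTNER_NET = ip.ip_network("192.0.2.0/24")    # travel department segment
INTRANET_WEB = ip.ip_address("10.10.10.20")    # intranet web server
WEB_PORTS = {80, 443}                          # assumed HTTP/HTTPS only

# Rule format: (action, source net, destination net, dst port or None for any)
RULES = [
    ("permit", "192.0.2.0/24", "10.10.10.20/32", 80),
    ("permit", "192.0.2.0/24", "10.10.10.20/32", 443),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def evaluate(rules, src, dst, port):
    """First-match evaluation; traffic matching no rule is denied."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, rule_src, rule_dst, rule_port in rules:
        if (s in ip.ip_network(rule_src) and d in ip.ip_network(rule_dst)
                and rule_port in (None, port)):
            return action
    return "deny"

def audit(rules):
    """Return permit rules usable from the partner segment that allow more
    than the web server on its web ports. Conservative: rule order is
    ignored, so a shadowed over-broad permit is still reported."""
    web_host = ip.ip_network(f"{INTRANET_WEB}/32")
    findings = []
    for rule in rules:
        action, rule_src, rule_dst, rule_port = rule
        if action != "permit":
            continue
        if not ip.ip_network(rule_src).overlaps(PARTNER_NET):
            continue
        if ip.ip_network(rule_dst) != web_host or rule_port not in WEB_PORTS:
            findings.append(rule)
    return findings

if __name__ == "__main__":
    print(evaluate(RULES, "192.0.2.15", "10.10.10.20", 443))   # web server
    print(evaluate(RULES, "192.0.2.15", "10.10.10.50", 445))   # other host
    # A later "temporary" widening of the filter is caught by the audit.
    drifted = [("permit", "192.0.2.0/24", "10.10.10.0/24", None)] + RULES
    print(audit(drifted))
```

Running the audit whenever the filter changes keeps the rule set limited to the single exception the design calls for.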
