VPN and Firewall

[Mike Forman]

I'm getting a T1 installed at my office and would like to setup a VPN so I can
access certain stuff from the outside.

I plan on building a new box with 2 network cards just for doing the VPN. Since
I can get several static IPs from my ISP, I was going to assign one of them to
one NIC, and give the other NIC an address in the range for what I'm going to
use inside the network (I'm going to be using NAT for the LAN).

These may be dumb questions but.....

1) Where do I put the VPN? Outside or inside the firewall? If it goes inside,
that means I have to foward ports, right?

2) Does the VPN get added to the domain? I would like people to be able to
connect using their regular account logins.

3) Is it a good idea to make this 2 network card machine both a VPN and a
firewall? I don't want to use the linksys too long but don't want to throw down
3K for a firebrick.

Thanks!

-Mike

 

[Marc Reynolds [MSFT]]

Answers inline

--------------------
| From: Mike Forman <[email protected]>
| Newsgroups: microsoft.public.win2000.networking
| Subject: VPN and Firewall
| Date: 26 Sep 2003 00:46:17 -0700
| Organization: Newsguy News Service [http://newsguy.com]
| Lines: 24
| Message-ID: <[email protected]>
| NNTP-Posting-Host: p-669.newsdawg.com
| X-Newsreader: Direct Read News 4.20
| Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!newsfee
d01.sul.t-online.de!t-online.de!fu-berlin.de!pln-w!spln!dex!extra.newsguy.co
m!newsp.newsguy.com!drn
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.networking:38486
| X-Tomcat-NG: microsoft.public.win2000.networking
|
| I'm getting a T1 installed at my office and would like to setup a VPN so
I can
| access certain stuff from the outside.
|
| I plan on building a new box with 2 network cards just for doing the VPN.
Since
| I can get several static IPs from my ISP, I was going to assign one of
them to
| one NIC, and give the other NIC an address in the range for what I'm
going to
| use inside the network (I'm going to be using NAT for the LAN).
|
| These may be dumb questions but.....
|
| 1) Where do I put the VPN? Outside or inside the firewall? If it goes
inside,
| that means I have to foward ports, right?

a) I would put the VPN inside and forward from the firewall to the VPN

|
| 2) Does the VPN get added to the domain? I would like people to be able
to
| connect using their regular account logins.

a) yes
|
| 3) Is it a good idea to make this 2 network card machine both a VPN and a
| firewall? I don't want to use the linksys too long but don't want to
throw down
| 3K for a firebrick.

a) You could do this. I would recommend buying ISA Server and installing it
on the VPN server in this scenario.
|
| Thanks!
|
| -Mike
|
|

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.