VPN Windows 2000


cptkirkh

I inherited a network that uses 2000 server for the VPN. The server
has two NICs, one for the external and the other for the internal. Did
this device really need to have two NICs? Isn't that a little
dangerous placing a Windows box outside of the firewall? Can't
I just tell my PIX to port over VPN to that particular box and use one
NIC with the internal IP address? If so, what ports do I need to port
over? Thanks for your help.
 

Kurt

cptkirkh said:
I inherited a network that uses 2000 server for the VPN. The server
has two NICs, one for the external and the other for the internal. Did
this device really need to have two NICs? Isn't that a little
dangerous placing a Windows box outside of the firewall?

I'd have no problem with this as long as the server is properly locked down
and patched.

Can't I just tell my PIX to port over VPN to that particular box
and use one NIC with the internal IP address?
If so, what ports do I need to port over?

If it's just a PPTP VPN server so other Windows boxes can connect from the
outside world, you can use just the internal NIC and forward port 1723. If
you're using L2TP or IPSec tunnels, you'll probably have the best luck
leaving the second NIC with a public address.

....kurt
 

Someuser

I am with you 100%. I never and I mean NEVER allow a server to be outside of
a firewall. Net protocol (FTP,HTTP,SMTP, etc) servers reside in a firewall
protected DMZ and communicate with SQL servers, etc... within the intranet
through very controlled limits.

I have personally used port forwarding for PPTP (port 1723) to access my
office remotely for years and have never had problems. Moreover, I would not
feel comfortable with anything less since my client data is of a sensitive
nature.

cheers,
James
 

Kurt

Just to throw my 2 cents worth here, PPTP is not nearly as secure as
L2TP/IPSec. So you've got to choose your devil. A lesser encryption on the
data stream or a publicly available server. I'm not saying one is better or
worse than the other, just that both have their risks. Sometimes it's not
possible to use PPTP - sometimes the other end is not a Windows client and
just doesn't support it. Sometimes IPSec may be a security requirement of
the other party (or medical or governmental data). In any case, a locked
down MS RRAS server isn't generally any less secure than any other server
(Even Cisco PIX has had security flaws).

....kurt
 
