JediFonger
VPN can be served from the firewall/router or a server itself. A couple of questions:
1. Should VPN connections end at the firewall/router? If so, after connecting to the firewall/router, how would the remote client access domain resources (like Windows 2003)? After all, firewall/router VPN connection != server domain connection. Does the remote client need a separate logon? What if the remote client can't see ANY domain resources or ping any of the network resources even though firewall policies have enabled internal network access from VPN connections?
2. Should VPN connections be passed through the firewall by opening port 1723 and GRE 47 for something like W2K3 to serve VPN itself, because it can authenticate win-logon and therefore access the network? Wouldn't this be a security risk of sorts? When W2K3 is setting up remote access for ONE NIC connections, all domain resources get disabled. Anyone experience this? Is RAS made for TWO NICs instead of one?
3. Which method is better? Pros/cons of both?