Single Site with Internet and VPN: Network Design

Rashmi Bhardwaj

In the last post, we discussed the network design of a single site with Internet access only. In this post, we discuss the network design of a single site with both Internet access and VPN. There are two possible options:

Single Site with Internet and VPN: Option 1

The Internet firewall can also provide the function of VPN gateway (IPsec or SSL client-to-site and IPsec site-to-site). Because one box now performs both Internet NAT for inside users and VPN termination for outside users, the two policies must be kept consistent: if traffic destined for a VPN peer is translated to the public address before it reaches the crypto policy, it no longer matches the VPN selectors and never enters the tunnel. The firewall should therefore be configured as follows:

For VPN –
Explicitly match the source and destination subnets of the VPN traffic (the "interesting traffic") in the crypto ACL, rather than using broad "any" entries.

For Internet (NAT) –
Deny (exempt from translation) the same source and destination subnet pairs that were matched for VPN, and place these exemptions ahead of the general NAT entry so they are evaluated first.
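The following is an added example, not part of the original post: it models the Option 1 firewall as an ordered NAT policy and checks that every VPN interesting-traffic pair is exempted from NAT before the general Internet entry. All subnets (inside LANs, the remote site and the client address pool) are constructed for illustration; the first-match evaluation mirrors how an ACL-driven NAT policy is processed.

```python
# Added example: verify NAT exemption for VPN interesting traffic (Option 1).
# One firewall does Internet NAT and IPsec; a VPN flow that hits a translating
# NAT rule first is rewritten to the public IP and never matches the crypto ACL.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network


@dataclass(frozen=True)
class NatRule:
    src: IPv4Network
    dst: IPv4Network
    translate: bool  # False = deny/exempt (no NAT), True = translate to public IP


def first_match(rules, src, dst):
    """ACL-style evaluation: the first rule covering the flow decides."""
    for r in rules:
        if src.subnet_of(r.src) and dst.subnet_of(r.dst):
            return r
    return None


def build_nat_policy(interesting, inside_nets):
    """NAT policy for Option 1: exempt every VPN pair first, then translate
    the rest of the inside networks towards the Internet (0.0.0.0/0)."""
    rules = [NatRule(s, d, False) for s, d in interesting]
    rules += [NatRule(n, ip_network("0.0.0.0/0"), True) for n in inside_nets]
    return rules


def flows_broken_by_nat(rules, interesting):
    """Return the interesting-traffic pairs that a NAT rule would translate.
    Those flows would leave with the public source address, so the tunnel is
    either never negotiated or never used for them."""
    broken = []
    for s, d in interesting:
        r = first_match(rules, s, d)
        if r is not None and r.translate:
            broken.append((s, d))
    return broken


def is_translated(rules, src, dst):
    """True if the flow src->dst (strings in CIDR form) would be NATed."""
    r = first_match(rules, ip_network(src), ip_network(dst))
    return r is not None and r.translate


# Constructed topology (hypothetical addresses).
INSIDE = [ip_network("192.168.10.0/24"), ip_network("192.168.20.0/24")]
REMOTE_SITE = ip_network("10.50.0.0/16")       # site-to-site peer LAN
VPN_CLIENT_POOL = ip_network("172.16.99.0/24")  # client-to-site address pool
INTERESTING = [(n, REMOTE_SITE) for n in INSIDE] + \
              [(n, VPN_CLIENT_POOL) for n in INSIDE]

# Correct policy: exemptions first, general NAT entry last.
GOOD = build_nat_policy(INTERESTING, INSIDE)

# Common mistake: the general NAT entry placed before the exemptions,
# so it wins on first match and the VPN pairs are translated anyway.
BAD = [NatRule(n, ip_network("0.0.0.0/0"), True) for n in INSIDE] + \
      [NatRule(s, d, False) for s, d in INTERESTING]

if __name__ == "__main__":
    print("good policy, broken VPN flows:", flows_broken_by_nat(GOOD, INTERESTING))
    print("bad policy, broken VPN flows:", flows_broken_by_nat(BAD, INTERESTING))
    print("Internet-bound still NATed:", is_translated(GOOD, "192.168.10.0/24", "8.8.8.8/32"))
```

The same check applies when the exemptions are expressed as a "nat 0"/NAT-exempt ACL or as identity NAT entries on a given platform: the point is that the deny entries cover exactly the VPN pairs and are evaluated before the general entry, while ordinary Internet-bound traffic from the same inside subnets is still translated.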

Single Site with Internet and VPN: Option 2

When a dedicated VPN gateway is required (IPsec or SSL client-to-site and IPsec site-to-site), the firewall has two zones facing the VPN gateway box: a DMZ zone and an Inside1 zone. The gateway's public interface sits in the DMZ zone and its private interface in the Inside1 zone, so the firewall sees both the encrypted traffic arriving from the Internet and the decrypted traffic heading for the inside network, and can apply a separate policy to each.

DMZ Zone –
Public-facing zone in which the remote VPN user or VPN device terminates its tunnel on the gateway. Only the VPN protocols need to be permitted from the Internet to the gateway's address here.

Inside1 Zone –
Zone facing inside, through which the decrypted VPN traffic traverses to the secured inside network. Policy in this zone is written in terms of the remote subnets and client pool, not the gateway's address.
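The following is an added example, not part of the original post: a small zone-based policy evaluator for Option 2 that admits only the VPN protocols from the Internet to the gateway's DMZ address and only decrypted traffic from Inside1 to the permitted inside subnets, with everything else denied by default. Zone names, addresses and the exact rule set are constructed; the protocol numbers are the standard ones for IPsec (IKE on UDP 500, NAT-T on UDP 4500, ESP as its own IP protocol) and SSL VPN (TCP 443).

```python
# Added example: zone policy for a dedicated VPN gateway (Option 2).
# Encrypted traffic: Internet -> DMZ (gateway public IP), VPN protocols only.
# Decrypted traffic: Inside1 -> Inside, remote subnets/client pool only.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    src: IPv4Network
    dst: IPv4Network
    proto: str            # "udp", "tcp", "esp" or "any"
    port: Optional[int]   # None = any port, or a protocol without ports
    allow: bool


def allowed(rules, src_zone, dst_zone, src_ip, dst_ip, proto, port=None):
    """First-match zone policy with an implicit deny at the end."""
    src, dst = ip_network(src_ip), ip_network(dst_ip)
    for r in rules:
        if (r.src_zone == src_zone and r.dst_zone == dst_zone
                and src.subnet_of(r.src) and dst.subnet_of(r.dst)
                and r.proto in ("any", proto)
                and (r.port is None or r.port == port)):
            return r.allow
    return False  # implicit deny


# Constructed topology (hypothetical addresses and zone names).
ANY = ip_network("0.0.0.0/0")
VPN_GW_DMZ = ip_network("203.0.113.10/32")    # gateway public interface
INSIDE_LAN = ip_network("192.168.10.0/24")    # secured inside network
REMOTE_SITE = ip_network("10.50.0.0/16")      # site-to-site peer LAN
CLIENT_POOL = ip_network("172.16.99.0/24")    # client-to-site address pool
APP_SERVER = ip_network("192.168.10.50/32")   # what remote clients may reach

POLICY = [
    # Internet -> DMZ: only the VPN protocols, only to the gateway itself.
    Rule("outside", "dmz", ANY, VPN_GW_DMZ, "udp", 500, True),   # IKE
    Rule("outside", "dmz", ANY, VPN_GW_DMZ, "udp", 4500, True),  # NAT-T
    Rule("outside", "dmz", ANY, VPN_GW_DMZ, "esp", None, True),  # ESP
    Rule("outside", "dmz", ANY, VPN_GW_DMZ, "tcp", 443, True),   # SSL VPN
    # Inside1 -> Inside: decrypted traffic, scoped per remote population.
    Rule("inside1", "inside", REMOTE_SITE, INSIDE_LAN, "any", None, True),
    Rule("inside1", "inside", CLIENT_POOL, APP_SERVER, "tcp", 443, True),
]


def policy_checks(rules):
    """Representative flows a practitioner would verify after deployment."""
    return {
        "ike_to_gateway": allowed(rules, "outside", "dmz", "198.51.100.7", "203.0.113.10", "udp", 500),
        "esp_to_gateway": allowed(rules, "outside", "dmz", "198.51.100.7", "203.0.113.10", "esp"),
        "ssh_to_gateway": allowed(rules, "outside", "dmz", "198.51.100.7", "203.0.113.10", "tcp", 22),
        "internet_direct_to_inside": allowed(rules, "outside", "inside", "198.51.100.7", "192.168.10.50", "tcp", 443),
        "site_to_site_decrypted": allowed(rules, "inside1", "inside", "10.50.3.4", "192.168.10.20", "tcp", 445),
        "client_to_app": allowed(rules, "inside1", "inside", "172.16.99.5", "192.168.10.50", "tcp", 443),
        "client_to_fileserver": allowed(rules, "inside1", "inside", "172.16.99.5", "192.168.10.20", "tcp", 445),
        # Spoofed pool address arriving on the wrong zone must not match.
        "spoofed_pool_from_outside": allowed(rules, "outside", "inside", "172.16.99.5", "192.168.10.50", "tcp", 443),
    }


if __name__ == "__main__":
    for name, result in policy_checks(POLICY).items():
        print(f"{name:28s} {'allow' if result else 'deny'}")
```

Keeping the zone in the match condition is what makes the design safer than a flat policy: a packet carrying a client-pool source address but arriving from the Internet is denied because it is in the wrong zone, regardless of its addresses.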
