In the last post, we discussed the network design of a single site with Internet access only. In this post, we will discuss the network design of a single site with Internet access and VPN. Let's explore the two possible options:
Single Site with Internet and VPN: Option 1
The Internet firewall can provide the additional function of VPN gateway (IPsec/SSL client-to-site and IPsec site-to-site). Note that when configuring Internet and VPN access for inside and outside users respectively, the firewall should:
For VPN –
Explicitly match the source and destination IP subnets of the VPN traffic (the "interesting traffic").
For Internet (NAT) –
Deny (exempt) in the NAT entry the same source and destination subnets that were matched for VPN, so that VPN-bound traffic is not translated before it is encrypted.
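To make the interplay between the two rules concrete, here is an added example (not part of the original post) that models the firewall's outbound order of operations, NAT first and then the VPN policy, and includes a small audit that reports VPN pairs the NAT policy fails to exempt. All addresses, the pair list and the function names are constructed assumptions for illustration; the model generalizes the single site-to-site case in the text to any list of interesting-traffic pairs, including a client-to-site pool.

```python
import ipaddress

Net = ipaddress.ip_network

# Constructed addressing for the example (assumptions, not from the post)
INSIDE = Net("10.1.0.0/16")                         # secured inside network
BRANCH = Net("192.168.10.0/24")                     # site-to-site peer's LAN
VPN_CLIENT_POOL = Net("172.16.50.0/24")             # client-to-site address pool
PUBLIC_IP = ipaddress.ip_address("203.0.113.10")    # firewall outside address

# "Interesting traffic": the exact source/destination pairs the VPN policy matches
VPN_PAIRS = [(INSIDE, BRANCH), (INSIDE, VPN_CLIENT_POOL)]


def missing_nat_exemptions(vpn_pairs, nat_exempt_pairs):
    """Audit check: return every VPN pair that the NAT policy does not exempt.
    A non-empty result means VPN traffic would be NATed and leak in the clear."""
    return [pair for pair in vpn_pairs if pair not in nat_exempt_pairs]


def forward(src, dst, nat_exempt_pairs):
    """Model how the firewall handles an inside-originated packet.
    NAT is evaluated first; the VPN (crypto) policy is then checked against the
    post-NAT header, which is why the NAT rule must deny the VPN subnets."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in INSIDE:
        return ("drop", str(src))          # only inside-originated flows are modelled
    exempt = any(src in s and dst in d for s, d in nat_exempt_pairs)
    post_nat_src = src if exempt else PUBLIC_IP
    if any(post_nat_src in s and dst in d for s, d in VPN_PAIRS):
        return ("vpn", str(post_nat_src))  # matched interesting traffic: encrypted
    return ("internet", str(post_nat_src))  # ordinary NATed Internet traffic


if __name__ == "__main__":
    # Weak policy: VPN pairs defined, but the NAT entry does not deny them.
    print(missing_nat_exemptions(VPN_PAIRS, []))
    print(forward("10.1.5.5", "192.168.10.20", []))         # ('internet', '203.0.113.10')
    # Corrected policy: every VPN pair is also a NAT exemption.
    print(forward("10.1.5.5", "192.168.10.20", VPN_PAIRS))  # ('vpn', '10.1.5.5')
```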
Single Site with Internet and VPN: Option 2
When a dedicated VPN gateway (IPsec/SSL client-to-site and IPsec site-to-site) is required, the firewall has two zones facing the VPN gateway box: a DMZ zone and an Inside1 zone.
DMZ Zone –
Public-facing zone on which the remote VPN user or VPN device terminates its VPN tunnel.
Inside1 Zone –
Inside-facing zone through which decrypted VPN traffic traverses to the secured inside network.
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking, with the goal being "The more you share, the more you learn."
I am a biotechnologist by qualification and a network enthusiast by interest. I developed an interest in networking in the company of a passionate network professional, my husband.
I am a strong believer in the fact that "learning is a constant process of discovering yourself."
– Rashmi Bhardwaj (Author/Editor)