SINGLE SITE WITH INTERNET AND VPN (OPT-1) :-
The Internet firewall can also provide the VPN gateway function (IPsec/SSL client-to-site and IPsec site-to-site). When the same box serves Internet access for inside users and VPN access for outside users, the two policies must be written so that they do not overlap, because on common platforms (Cisco IOS, for example) NAT is applied to an inside-to-outside packet before the crypto map is checked: a packet that has already been translated no longer matches the VPN selectors and is forwarded toward the Internet in clear text instead of into the tunnel. The firewall should therefore
For VPN –
Explicitly match the source and destination subnets of the VPN traffic (the "interesting traffic", e.g. in the crypto ACL) rather than using any-to-any.
For Internet (NAT) –
Deny (exempt) exactly those source and destination subnets at the top of the NAT entry, before the permit that translates general Internet traffic, so that VPN traffic is never NATed.
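The pattern above written out in Cisco IOS syntax, as an added example that is not part of the original page. Addressing, interface names, peer and crypto parameters are assumed: inside LAN 192.168.10.0/24 behind GigabitEthernet0/1, remote site 192.168.20.0/24 behind peer 203.0.113.2, and outside interface GigabitEthernet0/0 at 198.51.100.1.

```cisco
! Assumed addressing (not from the original page):
!   inside LAN      192.168.10.0/24  behind GigabitEthernet0/1
!   remote site LAN 192.168.20.0/24  behind peer 203.0.113.2
!   outside         GigabitEthernet0/0, 198.51.100.1

! --- For VPN: interesting traffic is matched explicitly by source AND destination.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

! --- For Internet (NAT): the VPN subnets are denied FIRST, then everything else is translated.
! Without the deny line, inside->remote traffic would be PATed to 198.51.100.1
! before the crypto map is checked, never match VPN-TRAFFIC, and leave in clear text.
ip access-list extended NAT-TRAFFIC
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any

ip nat inside source list NAT-TRAFFIC interface GigabitEthernet0/0 overload

! IKEv1/IPsec site-to-site (parameters assumed; replace the key, or use certificates)
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key CHANGE-ME address 203.0.113.2

crypto ipsec transform-set VPN-TS esp-aes 256 esp-sha256-hmac
 mode tunnel

crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set VPN-TS
 set pfs group14
 match address VPN-TRAFFIC

interface GigabitEthernet0/0
 description Internet
 ip address 198.51.100.1 255.255.255.0
 ip nat outside
 crypto map VPN-MAP

interface GigabitEthernet0/1
 description Inside
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
```

To verify the two policies really do not overlap, generate traffic from 192.168.10.0/24 to 192.168.20.0/24 and check that the encrypt/decrypt counters in `show crypto ipsec sa` increment while `show ip nat translations` shows no entries whose outside destination is in 192.168.20.0/24; if translations do appear for that subnet, the deny line in NAT-TRAFFIC is missing or ordered after the permit.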
——————————————————————————————————————————————————————————-
SINGLE SITE WITH INTERNET AND VPN (OPT 2) :-
When a dedicated VPN gateway is required (IPsec/SSL client-to-site and IPsec site-to-site), the firewall has two zones facing the VPN gateway box: a DMZ zone and an Inside1 zone.
DMZ Zone –
Public-facing zone in which the VPN gateway's outside interface sits; remote VPN users and VPN devices terminate their tunnels here. The firewall only needs to permit the tunnel protocols to that one address (IKE on UDP 500, NAT-T on UDP 4500, ESP, and TCP 443 for SSL VPN) and nothing else from the Internet into the DMZ.
Inside1 Zone –
Zone facing inside, on which the VPN gateway's inside interface delivers decrypted VPN traffic for traversal to the secured inside network. Because this traffic arrives in clear text, the Inside1-to-inside policy should permit only the VPN address pool and remote-site subnets to the internal resources they need, so that a compromised remote user or device does not automatically land on the LAN.
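An added example, not from the original page, of the two zone policies in Cisco IOS zone-based firewall syntax. Assumed values: the VPN gateway's outside interface is 203.0.113.10 in the DMZ zone, its inside interface is in the Inside1 zone, remote-access clients receive addresses from 10.200.0.0/24, the remote site is 192.168.20.0/24, and the protected LAN is 192.168.10.0/24 in the INSIDE zone.

```cisco
! Assumed addressing (not from the original page):
!   VPN gateway outside interface 203.0.113.10 (DMZ zone)
!   VPN gateway inside interface  in INSIDE1 zone
!   remote-access client pool     10.200.0.0/24, remote site 192.168.20.0/24
!   protected LAN                 192.168.10.0/24 (INSIDE zone)

zone security OUTSIDE
zone security DMZ
zone security INSIDE1
zone security INSIDE

! --- Outside <-> DMZ: only the tunnel protocols, only to/from the gateway.
! IKE (UDP 500), NAT-T (UDP 4500) and SSL VPN (TCP 443) are session-based and are inspected;
! ESP carries no ports, so it is matched on its own and passed statelessly in both directions.
ip access-list extended VPNGW-IKE-SSL-IN
 permit udp any host 203.0.113.10 eq isakmp
 permit udp any host 203.0.113.10 eq non500-isakmp
 permit tcp any host 203.0.113.10 eq 443
ip access-list extended VPNGW-IKE-OUT
 permit udp host 203.0.113.10 any eq isakmp
 permit udp host 203.0.113.10 any eq non500-isakmp
ip access-list extended VPNGW-ESP-IN
 permit esp any host 203.0.113.10
ip access-list extended VPNGW-ESP-OUT
 permit esp host 203.0.113.10 any

class-map type inspect match-all CM-VPNGW-IKE-SSL-IN
 match access-group name VPNGW-IKE-SSL-IN
class-map type inspect match-all CM-VPNGW-IKE-OUT
 match access-group name VPNGW-IKE-OUT
class-map type inspect match-all CM-VPNGW-ESP-IN
 match access-group name VPNGW-ESP-IN
class-map type inspect match-all CM-VPNGW-ESP-OUT
 match access-group name VPNGW-ESP-OUT

policy-map type inspect PM-OUTSIDE-DMZ
 class type inspect CM-VPNGW-IKE-SSL-IN
  inspect
 class type inspect CM-VPNGW-ESP-IN
  pass
 class class-default
  drop log
policy-map type inspect PM-DMZ-OUTSIDE
 class type inspect CM-VPNGW-IKE-OUT
  inspect
 class type inspect CM-VPNGW-ESP-OUT
  pass
 class class-default
  drop log

zone-pair security OUTSIDE-DMZ source OUTSIDE destination DMZ
 service-policy type inspect PM-OUTSIDE-DMZ
zone-pair security DMZ-OUTSIDE source DMZ destination OUTSIDE
 service-policy type inspect PM-DMZ-OUTSIDE

! --- Inside1 -> Inside: decrypted VPN traffic, restricted to the VPN sources only.
ip access-list extended VPN-DECRYPTED
 permit ip 10.200.0.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
class-map type inspect match-all CM-VPN-DECRYPTED
 match access-group name VPN-DECRYPTED
policy-map type inspect PM-INSIDE1-INSIDE
 class type inspect CM-VPN-DECRYPTED
  inspect
 class class-default
  drop log
zone-pair security INSIDE1-INSIDE source INSIDE1 destination INSIDE
 service-policy type inspect PM-INSIDE1-INSIDE

! Each interface is then placed in its zone with "zone-member security <zone>";
! interface names are omitted because they depend on the platform.
```

The deliberate asymmetry is the point: no zone-pair exists from OUTSIDE to INSIDE or from DMZ to INSIDE, so the only route from the Internet to the LAN is through the VPN gateway and then through the INSIDE1-INSIDE policy, and the class-default `drop log` lines make any attempt to reach the DMZ or LAN on another port visible in the firewall log.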