[SunHELP] VPN Solution

Chris.Smith at txucom.com Chris.Smith at txucom.com
Wed Jan 30 13:16:22 CST 2002


VPN encapsulates packets destined for one network into a packet that is
sent on another network to a device that takes that packet, decapsulates
the enclosed packet, then puts it on the network for which it was destined.
So in effect, much like a T1, ISDN, or dialup lines are our transport
between networks, VPN uses an existing network as transport to another
network.  Your VPN client and concentrator encapsulate and decapsulate
packets as needed.

You can definitely use your PIX firewall to terminate VPN connections.  The
PIX was Cisco's first attempt (I believe) at VPN, then they bought Altiga
Networks (the Cisco VPN 3000 Line) and another company that became the
Cisco VPN 5000 line.  The 5000 line, in the beginning, was the only client
that had Solaris support, but Cisco has moved to a unified client that will
allow you to connect to either a PIX, 3000 Series Concentrator, or 5000
Series concentrator.

Chris Smith
TXU Communications
936.637.4674 office
281.396.4720 fax
chris.smith at txucom.com
http://www.txucom.com



                                                                                                                         
"David Baldwin" <dbaldwin at networkinsight.com>
Sent by: sunhelp-admin at sunhelp.org
01/30/2002 11:51 AM
Please respond to sunhelp

To: <sunmanagers at sunmanagers.org>
cc: <sunhelp at sunhelp.org>
Subject: [SunHELP] VPN Solution
                                                                                                                         
                                                                                                                         




Hi,
I am trying to pinpoint what the best solution would be to allow access
to the inside from the outside.
Currently we have a pix firewall filtering packets separating inside and
web.
Where I am having trouble is with the whole VPN concept.
Do I need a VPN server to do this?  If I do I would like for it to be a
Sun solution.
It looks like it might be possible to terminate the VPN tunnel at the
pix and that would allow for both Win2k and Unices clients to connect
using pptp.  But, then, how would clients get an IP?  So far, the
documentation found has not been sufficient.
Would I use SunScreen/DHCP to deal out IPs to clients?  Will that work
for all clients?

If anyone can tell me which doc to read to make this process clear or
has some pointers that can help, I would be grateful.

Sorry if this is a little off topic, I wasn't sure where to start and I
know I would like to use Sun if possible.

TIA
Dave Baldwin
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp


