With the following firewall configuration, what recommendations does anyone have for how we should handle VPN? I see two solutions:

1. Forward IPsec from FIREWALL 1 to FIREWALL 2 with isakmpd running on FIREWALL 2.
2. Run isakmpd on FIREWALL 1 and NAT the traffic from the VPN network to FIREWALL 2.

I like method #2 because it doesn't allow direct access to isakmpd from the Internet.

                 -----------------
                 |   INTERNET    |
                 --------o--------
                         |
                         |
             ------------o------------
             |                       |(dmz)
    +--------o      FIREWALL 1       o-----
    |        |                       |
    |        -------------------------
    |
    |
    |        -------------------------
    |        |                       |
    +--------o      FIREWALL 2       |
             |                       |
             -------------------------
                         |(internal network)

--
albert chin ([EMAIL PROTECTED])