ANSWER: Get a VPN dedicated device, like Cisco's VPN Concentrator 3000 series. The Cisco PIX can do the job of terminating the VPN tunnel and can hold a few encrypted logins. Some Suggestions: Use Checkpoint Firewall on Solaris Use a PIX and LDAP for auth Suns aren't firewalls, use a firewall Use a PIX and Radius Use Cisco VPN 3000 series I have a lot of reading to do. We already are testing LDAP and TACACS. I would like to get more educated on Radius since I am really not sure what it is. LDAP is very attractive in this case since, it seems, I can use the same logins for the rest of the systems on the PIX. The ideal solution seems to be getting a VPN Concentrator 3000 and the Unified client from Cisco (have to put those on the wish list). Bottom line is that the equipment we have (PIX) is able to do the job. It is just a matter of getting the configs. Thanks to everyone who help out: Nagendra Prasad Ger Lawlor Al Hopper James Fogg Chris Smith Vlade Ristevski Best, Dave Baldwin -----Original Message----- From: David Baldwin Sent: Wednesday, January 30, 2002 9:51 AM To: sunmanagers@sunmanagers.org Cc: sunhelp@sunhelp.org Subject: VPN Solution Hi, I am trying to pinpoint what the best solution would be to allow access to the inside from the outside. Currently we have a pix firewall filtering packets separating inside and web. Where I am having trouble is with the whole VPN concept. Do I need a VPN server to do this? If I do I would like for it to be a Sun solution. It looks like it might be possible to terminate the VPN tunnel at the pix and that would allow for both Win2k and Unices clients to connect using pptp. But, then, how would clients get an IP? So far, the documentation found has not been sufficient. Would I use SunScreen/DHCP to deal out IPs to clients? Will that work for all clients? If anyone can tell me which doc to read to make this process clear or has some pointers that can help, I would be grateful. Sorry if this is a little off topic, I wasn't sure where to start and I know I would like to use Sun if possible. TIA Dave Baldwin _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Feb 1 14:59:41 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:33 EST