-
Work & Study / IT Technical Discussion / A newbie question about VPN and firewalls
-zero(zero);
2004-8-11
{667}
(#1838321@0)
-
^^^
-zero(zero);
2004-8-11
(#1838323@0)
-
^
-zero(zero);
2004-8-12
(#1838602@0)
-
^ :(
-zero(zero);
2004-8-12
(#1838613@0)
-
^
-oceandeep(北极熊·湖州粽子);
2004-8-12
(#1838620@0)
-
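The gateway should be placed outside the firewall. The two gateways will build the VPN tunnel themselves; what you need to do is make sure the gateway and your firewall can reach each other, and the firewall is responsible for mirroring the service ports the customer needs.
The details depend on the actual configuration.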
-siptoronto(George);
2004-8-23
(#1853136@0)
-
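I agree with "the two gateways will build the VPN tunnel themselves", but I disagree with "the gateway should be placed outside the firewall", or rather, I disagree with putting the firewall on the inside of the VPN gateway.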
-laoyou(老游);
2004-8-23
(#1854021@0)
-
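If it is the situation you describe, you can put the gateway inside the firewall, mirror another address on the firewall to this gateway, and then configure a secondary address on the server where the DB is going to be added and connect it to the gateway's internal interface. You have a point. I was overcomplicating their VPN function.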
-siptoronto(George);
2004-8-23
{40}
(#1854068@0)
-
Do the firewalls here generally have only one public IP available? If so, it is somewhat more complicated: you have to mirror out the ports the gateway needs.
-siptoronto(George);
2004-8-24
(#1854086@0)
-
Here it is. As I understand it, you need to build a VPN between the gateway at the other end and your firewall. The client can reach the DB behind your firewall through the VPN tunnel. In this case, you need to use a public IP address to communicate with the other party.
-moneris(moneris);
2004-8-23
{246}
(#1853908@0)
-
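What product is the VPN gateway? Brand and model? Once the VPN connection is established, it means the remote end (whether a single machine or several machines connected through a gateway on the other side) is on the same network segment as the server behind your gateway, which means they can also reach the other machines on that segment. Is that what you want?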
-laoyou(老游);
2004-8-23
(#1854000@0)
-
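Thank you all very much for the replies. The brand is SonicWall; the specific model has not been decided yet. Is it possible to open only one server to the other side? Use a DMZ? Does a mobile user take up one tunnel? Thanks.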
-zero(zero);
2004-8-24
(#1854714@0)
-
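A VPN gateway, like a firewall, also has at least two physical interfaces. If you have a dedicated server for them to use, connecting it to the gateway's internal interface is the safest. If your DMZ is available, that is actually the simplest approach. With the DMZ you don't need to worry about any tunnel, unless you also have to configure the SonicWall yourself.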
-laoyou(老游);
2004-8-24
(#1854761@0)
-
thanks a lot
-zero(zero);
2004-8-24
(#1855092@0)
-
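This server is not dedicated to the VPN; both the LAN and the WAN need to use it. There's no other way, I'll have to use the DMZ.
Just thinking about the security issues gives me a headache. :((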
-zero(zero);
2004-8-24
(#1855128@0)
-
u need to know other site's gateway first..if it supports IPSec, it shouldn't be a problem to support site to site VPN. sonicwall has several manuals about it. we use sonicwall too, let me know if u need more info.
-speed(如风);
2004-8-24
(#1854762@0)
-
thanks in advance
-zero(zero);
2004-8-24
(#1855089@0)
-
the gateway in the other side should be sonicwall as well.
-zero(zero);
2004-8-24
(#1855106@0)
-
if it's sonicwall, it should be very easy. just follow the instructions in the sonicwall manual to set up site to site VPN. u r all set. doesn't matter what internal network and mask each side is using, as long as they r not the same.
-speed(如风);
2004-8-24
{98}
(#1855114@0)
-
You really know what he needs? You have to know how it is going to be connected before you can start configuring it, right?
-laoyou(老游);
2004-8-24
(#1855285@0)
-
his description is not clear. but from my understanding, it seems that his customer needs to replicate or move some data from the customer site to his site. that's why i assume a site to site VPN should work for him.
-speed(如风);
2004-8-24
(#1855289@0)
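
Added example, not part of the original thread and not SonicWall configuration: a small first-match policy check covering two points raised above, that the two sites' internal networks must not be the same, and that a tunnel onto a shared segment exposes every machine on it unless access is scoped to the one server. All addresses, the port numbers and the rule format are constructed assumptions.

```python
import ipaddress as ip

def overlapping(local_net, remote_net):
    """Site-to-site tunnels need distinct internal subnets on each side."""
    return ip.ip_network(local_net).overlaps(ip.ip_network(remote_net))

def parse(rules):
    """Rule format (hypothetical): (action, src_net, dst_net, port or None for any)."""
    return [(a, ip.ip_network(s), ip.ip_network(d), p) for a, s, d, p in rules]

def decide(parsed, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for action, s_net, d_net, dport in parsed:
        if src in s_net and dst in d_net and dport in (None, port):
            return action
    return "deny"

def exposed(rules, remote_net, local_net, ports):
    """(host, port) pairs on the local side that at least one remote address may reach."""
    parsed = parse(rules)
    remote = list(ip.ip_network(remote_net).hosts())
    out = set()
    for dst in ip.ip_network(local_net).hosts():
        for port in ports:
            if any(decide(parsed, src, dst, port) == "permit" for src in remote):
                out.add((str(dst), port))
    return sorted(out)

# Constructed sample values, not taken from the thread.
LOCAL = "192.168.10.0/24"      # segment behind the local gateway
REMOTE = "192.168.20.0/24"     # customer side of the tunnel
DB_SERVER = "192.168.10.50"    # the one server meant to be shared
PORTS = (1433, 445)            # database port plus one unrelated service

# Tunnel terminates on the shared segment with no filtering.
FLAT = [("permit", REMOTE, LOCAL, None)]
# Tunnel traffic limited to the database server and its port.
SCOPED = [("permit", REMOTE, DB_SERVER + "/32", 1433)]

if __name__ == "__main__":
    print("subnets overlap:", overlapping(LOCAL, REMOTE))
    print("flat policy exposes", len(exposed(FLAT, REMOTE, LOCAL, PORTS)), "host/port pairs")
    print("scoped policy exposes", exposed(SCOPED, REMOTE, LOCAL, PORTS))
```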