Post by vie.. » Thu, 23 Dec 1999 04:00:00

what does VPN and DMZ do? Give example please. And how are they related?

Post by Bruce Pennypacke » Thu, 23 Dec 1999 04:00:00

They're not related other than by the mere fact that they both involve types
of firewalls.

DMZ stands for "Demilitarized Zone" (a term used by the US Military to
identify a secure buffer zone between two rival groups).  As far as
firewalls go, a DMZ is typically a part of a network where web servers and
other servers accessible by both the internet as a whole and the site that
runs the servers are stored.  The DMZ is secured so that only specific
protocols can pass from the internet to the servers on the DMZ and similarly
from the internal LAN to those servers.  No traffic is allowed to pass from
the internet through the DMZ to the LAN or from the LAN through the DMZ to
the internet (depending on the network topology).

VPN stands for Virtual Private Networking.  This is a feature that lets an
individual connected somewhere on the internet connect through a firewall
to the LAN on the inside of the firewall.  It basically makes the computer on
the internet appear to be a host on the private LAN (a virtual host, hence
the name) for the purpose of working remotely.



Post by Teresa Wal » Fri, 24 Dec 1999 04:00:00

DMZ = De-Militarized Zone: servers running questionable services,
connected to the Internet.

VPN = Virtual Private Network: a satellite office needing to
connect to the Corporate office.

A DMZ is usually hung off of an external router/firewall connected to the
Internet, and a VPN is usually a LAN (local area network) connecting to
another LAN via the Internet (hopefully encrypted).

1. What is the best structure for a DMZ and VPN?

I'm in the process of setting up a firewall solution that will be protecting
a network with mail, web, ftp and vpn servers (as well as the standard
file servers, etc...).  I'm currently trying to figure out the best
structure to set everything up.  In addition to a Linux firewall that I want
to put in, the system will also be using MS Proxy 2.0 to administer access
privileges to specific users.  With the VPN server inside the firewall,
though, it will need an internal address.  How do I route requests to it?

So far, I've come up with the following solution, but I'm not sure it is the
best.  What is the best way to forward email into the internal network from
within the DMZ?  Is it simply all directed to the firewall which then
forwards everything straight to the internal mail server?  From what I can
tell, using packet forwarding would not be a secure method.  What should be
used instead?

Is this a typical setup for a protected network?  Are there better
solutions?  Should I add an additional Linux firewall between the Router and
the DMZ?  How do I protect the DMZ?

+---------------+
| T1 Connection |
+---------------+
| Cisco Router  |
+---------------+
   |         |
   |         +-----------+
   |                     |
+------------------+   +------------------+
| Linux Firewall   |   | DMZ Here         |  <= Has a DNS for the DMZ,
+------------------+   +------------------+     FTP, Web server
   |           |
+---------+  +----------+
| MS VPN  |  | MS Proxy |
+---------+  +----------+
   |           |
   +-----+-----+
         |
+------------------+
| Internal Network |  <= Mail server, Internal DNS server go here
+------------------+

Any and all advice, suggestions and/or links that may be of use are greatly
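The filtering policy Bruce describes (only specific protocols from the internet into the DMZ, nothing initiated from the DMZ into the LAN except what you explicitly allow) and the questions in the last post (how mail gets from the DMZ to the internal mail server, how to reach a VPN server that holds an internal address) can both be shown on one Linux box. The script below is an added example, not code from anyone in this thread: it builds an iptables ruleset for a single three-interface firewall (internet, DMZ, LAN), which is the "additional firewall in front of the DMZ" variant the poster asks about rather than the drawn topology where the DMZ hangs off the router alone. Interface names, the addresses, the hosts (a DMZ SMTP relay at 192.0.2.12 handing mail to an internal server at 10.0.0.25, a PPTP VPN server at 10.0.0.30 reached by DNAT of tcp/1723 and GRE) and the use of iptables rather than the ipchains of 1999 are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Three-legged Linux firewall:
#   eth0 = outside (towards the Cisco router / T1), public IP 203.0.113.2 (assumed)
#   eth1 = DMZ  192.0.2.0/24  (web/ftp, DMZ DNS, SMTP relay)   -- assumed addresses
#   eth2 = LAN  10.0.0.0/24   (internal mail, internal DNS, MS VPN server)
# By default the script only prints the iptables commands it would run;
# set APPLY=1 (as root, with net.ipv4.ip_forward=1) to execute them.

WAN=eth0; DMZ=eth1; LAN=eth2
LAN_NET=10.0.0.0/24
FW_WAN_IP=203.0.113.2   # firewall's public address (assumed)
WEB=192.0.2.10          # DMZ web/ftp host (assumed)
DMZ_DNS=192.0.2.11      # DMZ DNS host (assumed)
MAIL_RELAY=192.0.2.12   # DMZ SMTP relay (assumed)
MAIL_INT=10.0.0.25      # internal mail server (assumed)
VPN_INT=10.0.0.30       # internal MS VPN (PPTP) server (assumed)

# ipt: execute iptables when APPLY=1, otherwise print the command (dry run).
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

build_rules() {
    # Default deny for anything the rules below do not explicitly open.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -F
    ipt -t nat -F

    # Replies to permitted connections, and loopback on the firewall itself.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Internet -> DMZ: only the published services, each to its own host.
    ipt -A FORWARD -i $WAN -o $DMZ -d $WEB -p tcp -m multiport --dports 21,80,443 -j ACCEPT
    ipt -A FORWARD -i $WAN -o $DMZ -d $DMZ_DNS -p udp --dport 53 -j ACCEPT
    ipt -A FORWARD -i $WAN -o $DMZ -d $DMZ_DNS -p tcp --dport 53 -j ACCEPT
    ipt -A FORWARD -i $WAN -o $DMZ -d $MAIL_RELAY -p tcp --dport 25 -j ACCEPT

    # DMZ -> LAN: the single inbound path is the relay delivering mail to the
    # internal mail server. No port is forwarded from the internet straight
    # to the LAN, and a compromised DMZ web host cannot open anything inside.
    ipt -A FORWARD -i $DMZ -o $LAN -s $MAIL_RELAY -d $MAIL_INT -p tcp --dport 25 -j ACCEPT

    # LAN -> DMZ: outbound mail goes out via the relay; internal DNS may query
    # the DMZ resolver. Everything else from the LAN to the DMZ is dropped.
    ipt -A FORWARD -i $LAN -o $DMZ -s $MAIL_INT -d $MAIL_RELAY -p tcp --dport 25 -j ACCEPT
    ipt -A FORWARD -i $LAN -o $DMZ -s $LAN_NET -d $DMZ_DNS -p udp --dport 53 -j ACCEPT

    # LAN -> Internet: masqueraded behind the firewall's public address.
    ipt -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
    ipt -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE

    # DMZ -> Internet: only the relay's outbound SMTP and the resolver's DNS.
    ipt -A FORWARD -i $DMZ -o $WAN -s $MAIL_RELAY -p tcp --dport 25 -j ACCEPT
    ipt -A FORWARD -i $DMZ -o $WAN -s $DMZ_DNS -p udp --dport 53 -j ACCEPT
    ipt -A FORWARD -i $DMZ -o $WAN -s $DMZ_DNS -p tcp --dport 53 -j ACCEPT

    # VPN server with an internal address: DNAT the PPTP control channel
    # (tcp/1723) and GRE (IP protocol 47) from the public address to it, and
    # permit exactly that traffic through FORWARD. Nothing else reaches the LAN.
    ipt -t nat -A PREROUTING -i $WAN -d $FW_WAN_IP -p tcp --dport 1723 -j DNAT --to-destination $VPN_INT
    ipt -t nat -A PREROUTING -i $WAN -d $FW_WAN_IP -p 47 -j DNAT --to-destination $VPN_INT
    ipt -A FORWARD -i $WAN -o $LAN -d $VPN_INT -p tcp --dport 1723 -j ACCEPT
    ipt -A FORWARD -i $WAN -o $LAN -d $VPN_INT -p 47 -j ACCEPT
}

# dmz_to_lan_rule_count: how many rules let the DMZ initiate into the LAN.
# Useful as a sanity check before applying: the answer should be exactly one.
dmz_to_lan_rule_count() {
    build_rules | grep -c -- "-i $DMZ -o $LAN "
}

build_rules
```

Run it once without APPLY to read the generated rules, then `APPLY=1 ./fw.sh` as root. The point it makes against the "packet forwarding" worry in the question: mail is not forwarded from the internet to the internal server at all; the internet only ever talks to the DMZ relay, and the relay is the one host allowed to open tcp/25 inward. The VPN server is the one case where a port really is forwarded into the LAN, which is why that DNAT is pinned to a single destination host and two protocols.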