VPN scenario

[lill]

Hi,

I have a question when it comes to the placing of the VPN server in a
private network; the network consist of different "zones" including a
perimeter network that is located between the rest of the private
network and the Internet (no DMZ). The resources that the locale clients
need to access are located in the inner part of the network. These
resources is also the same that the remote clients will need to access
from a remote location. The question is where to place the VPN server in
such network? Should it be placed near the resources that the remote
clients want to access, or should it be placed as far out in the
perimeter network as possible?
There are multiple firewalls available.

-Lill

 

[Bill Grant]

The "internal" interface of the VPN server needs to be on the internal
private LAN, with direct access to the LAN resources.

The external interface needs to be where it can be accessed from the
Internet, because the encrypted VPN data travels through the Internet inside
IP packets with public addresses.

If there is a privately addressed subnet between the internal private
LAN and public network, you will need to use port forwarding to get the VPN
traffic from a public addressed machine (such as a router/firewall) to the
VPN server's external interface. The VPN client must make its initial
connection to a machine which can be reached through the Internet by its
public IP or FQDN.