[VPN] Re: fw1 site to site vpn subnet conflict Sep 05 2006 04:17PM
Joseph S D Yao (jsdy center osis gov)
If you dual-proxy with two firewalls, you can use DNS internally to each
network but not resolve each other's IP addresses.

you - fw#1 ----------- fw#2 - them
            IP address network
          unused on either side

To elaborate:

Say, you are using all 10.0's, 10.1's, 10.2's, and 10.3's, and they are
using 10.3's, 10.4's, and 10.5's. Choose a 10.255.255 or a 172.31.255
for the in-between network.

When someone wants to do a Web browse, have your Web browser proxy to
fw#1, and fw#1 forwards the proxy message for them.com to fw#2, which
uses their own DNS to resolve the name. Similarly, their Web browsers
proxy to fw#2, which forwards the proxy message for you.com to fw#1,
which uses your own DNS to resolve the name.

When someone wants to send mail, have your mail server forward all
them.com e-mail to fw#1, which will forward it all to fw#2, which will
either forward it to a given mail server on their side or use their own
DNS to determine the mail server. Similarly, when they want to send you
e-mail, their mail server will forward all you.com e-mail to fw#2, which
will forward it all to fw#1, which will either forward it to a given
mail server on your side or use your own DNS to determine the mail
server.

Other services can be similarly proxied.

--
Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
_______________________________________________
VPN mailing list
VPN (at) lists.shmoo (dot) com
http://lists.shmoo.com/mailman/listinfo/vpn
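Added illustration of the address-planning step in the post above (not code from the poster or the list): given each side's internal prefixes, it lists the colliding ones and picks an in-between network that is unused on both sides, so the two firewalls can talk across it without either side routing the other's addresses. The sample prefixes are constructed to match the 10.0-10.3 / 10.3-10.5 example; the candidate transit list is an assumption.

```python
from ipaddress import ip_network

# Constructed sample inputs mirroring the post: "you" use 10.0-10.3,
# "they" use 10.3-10.5, so 10.3.0.0/16 exists on both sides.
YOU = [f"10.{i}.0.0/16" for i in range(0, 4)]
THEM = [f"10.{i}.0.0/16" for i in range(3, 6)]

# Assumed candidates for the in-between (transit) network; the post
# suggests something like 10.255.255 or 172.31.255.
TRANSIT_CANDIDATES = ("10.255.255.0/24", "172.31.255.0/24", "192.168.255.0/24")


def _nets(prefixes):
    """Normalise a list of prefix strings (or network objects) to network objects."""
    return [ip_network(str(p)) for p in prefixes]


def conflicts(yours, theirs):
    """Return (your_prefix, their_prefix) string pairs that overlap.

    Any overlap means a plain site-to-site tunnel cannot route both sides'
    addresses unambiguously, which is the problem the dual-proxy design avoids.
    """
    return [(str(a), str(b))
            for a in _nets(yours) for b in _nets(theirs)
            if a.overlaps(b)]


def pick_transit(yours, theirs, candidates=TRANSIT_CANDIDATES):
    """Return the first candidate network used on neither side, or None.

    The transit network only carries fw#1 <-> fw#2 traffic, so it must be
    disjoint from every internal prefix on both sides.
    """
    used = _nets(yours) + _nets(theirs)
    for cand in candidates:
        net = ip_network(cand)
        if not any(net.overlaps(u) for u in used):
            return str(net)
    return None


def transit_endpoints(transit):
    """Assign the first two usable hosts of the transit net to fw#1 and fw#2."""
    hosts = list(ip_network(transit).hosts())
    return str(hosts[0]), str(hosts[1])


if __name__ == "__main__":
    print("colliding prefixes:", conflicts(YOU, THEM))
    transit = pick_transit(YOU, THEM)
    print("transit network:", transit, "endpoints:", transit_endpoints(transit))
```

If one side announces a whole 10.0.0.0/8, the 10.255.255.0/24 candidate is rejected and the 172.31.255.0/24 one is returned instead.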