D-Link DFL-2500 User Guide - Page 220
VPN Deployment
Page 220 highlights
20.3. Why VPN in Firewalls

◦ In cases where the VPN gateway is located outside the firewall, can the firewall distinguish VPN-protected traffic from plaintext Internet traffic, so that it knows what to pass through to the internal network?
◦ Does it require additional configuration to the firewall or hosts participating in the VPN?

In D-Link firewalls, the Security Gateway VPN is integrated in the firewall itself. The reasons for this design can be found in the scenario analysis presented next.

20.3.1 VPN Deployment Outside the Firewall, In-line (Figure 20.1)

Figure 20.1: VPN Deployment Scenario 1

♦ Benefits
• Supports roaming clients, although it is difficult
• No special routing information is needed in the firewall
• The firewall can inspect and log plaintext from the VPN

♦ Drawbacks
• The Security Gateway is not protected by the firewall
• The firewall cannot easily determine which traffic came through an authenticated VPN and which came from the Internet, especially in the case of roaming clients
• Internet connectivity depends on the Security Gateway

D-Link Firewalls User's Guide