
Replies, comments and Discussions:

  • Question about VPN security!
    There are 2 networks (A and B). They must not exchange information between them and should be totally separate networks. There is no physical connection between them. A client C (whose computer is NT Workstation) in network A wants to connect to network B through a VPN client connection to the VPN server D, a Windows 2000 server, which is in network B. Is it possible that other people in network A could get into network B through C's VPN connection? And is it possible that a person in network B could get information from network A through the client C?
    This is really confusing me. Thanks in advance.
    • Haha, your name is too tempting... I really miss Peking duck.
      • Boss, please help!
    • Boss, could you write in Chinese?
    • My opinion
      As I understand it, if IP forwarding is disabled on client C, no other machines on network A should be able to access network B. And even if IP forwarding is enabled on client C, I still doubt that they can access network B. The reason is that client C is going to be assigned a private IP for the VPN connection and network B will allow only this private IP to connect. I haven't used Windows 2000 as a VPN gateway before, but I think it should have the ability to define what traffic is allowed or not allowed. And client C is the only machine which can be accessed from network B through this VPN connection. If you want both sites to access each other through this VPN connection, you not only need to enable IP forwarding on client C, but also need to change your routing table on both sites and allow all this traffic on your VPN gateway.
      • Thanks. I tried. I let C forward IP and set the gateway of one PC in network B to client C's private IP, a network B IP address. But it can't go through.
        By the way, where could I get some books to study network security? Thanks in advance.
        • Internet is a good source.
          All computer books are too expensive. You might find some books in the reference library. But I think the most information you can find is on the Internet. Just do a search using "computer security" or "information security" as keywords, and you will find lots of the information you want. Here are several good websites you should have a look at:
          www.sans.org
          www.cert.org
          www.securityfocus.com
          www.ntbugtraq.com
    • Both are possible. In terms of implementation details, it depends on which firewall you are using and how much you are willing to pay.
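
A simplified packet-walk model of the conditions listed in the "My opinion" reply above (IP forwarding on C, routes on both sites, the VPN gateway's filter), added here as an example and not part of the thread. The addresses, the host names A1 and B1, and the `strict` and `allow_all` filters are constructed assumptions.

```python
import ipaddress as ipa

# Constructed addressing (assumptions, not from the thread).
NET_A, NET_B = ipa.ip_network("10.1.0.0/24"), ipa.ip_network("10.2.0.0/24")
A1, C_LAN = ipa.ip_address("10.1.0.10"), ipa.ip_address("10.1.0.20")
C_VPN, B1 = ipa.ip_address("10.2.0.50"), ipa.ip_address("10.2.0.10")

def build(forwarding, routes):
    """Hosts as {name: (addresses by network, forwards?, static routes)}."""
    return {
        "A1": ({NET_A: A1}, False, {NET_B: C_LAN} if routes else {}),
        "C": ({NET_A: C_LAN, NET_B: C_VPN}, forwarding, {}),
        "B1": ({NET_B: B1}, False, {NET_A: C_VPN} if routes else {}),
    }

def strict(src, dst):
    """VPN server D's filter: only traffic to or from C's tunnel address."""
    return C_VPN in (src, dst)

def allow_all(src, dst):
    """Filter opened up for site-to-site use."""
    return True

def send(hosts, src, dst, tunnel_allow):
    """Follow one packet hop by hop; True if it reaches dst."""
    name = next(n for n, h in hosts.items() if src in h[0].values())
    originated = True
    for _ in range(4):                                # hop limit
        addrs, forwards, routes = hosts[name]
        if dst in addrs.values():
            return True
        if not originated and not forwards:           # transit needs IP forwarding
            return False
        on_link = any(dst in net for net in addrs)
        hop = dst if on_link else next(
            (gw for net, gw in routes.items() if dst in net), None)
        if hop is None:                               # no route to destination
            return False
        crosses_tunnel = hop == C_VPN or (name == "C" and hop in NET_B)
        if crosses_tunnel and not tunnel_allow(src, dst):
            return False                              # dropped by D's filter
        name = next((n for n, h in hosts.items() if hop in h[0].values()), None)
        if name is None:
            return False
        originated = False
    return False

def round_trip(hosts, a, b, tunnel_allow):
    """Two-way reachability: the request and the reply must both arrive."""
    return send(hosts, a, b, tunnel_allow) and send(hosts, b, a, tunnel_allow)
```

In this model A1 and B1 reach each other only with `build(True, True)` and `allow_all`; removing any one of forwarding, the routes, or the open filter leaves just C's own tunnel address able to talk to network B.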