TCP/IP Question

[mizzy]

Hi there,

I have setup a VPN server in our office and configured the clients successfully. The Road-warriors can successfully access our servers and the AS400 over the internet. (The VPN runs on the firewall).

You may ask whats the problem then?

Well its an uneasy feeling I have about the way TCP/IP is configured on my servers and AS400.
Because all the road-warriors have dynamic addresses I have no way of knowing who they are. So I have had to set the default gateway of all my servers and the AS400 to the VPN/firewall where they come in.
(If the road-warriors had static addresses I could just add a few routes on my servers). I now feel that anyone can get to my servers alot easier than if their default gateway settings was left blank

Does everyone else out there have the same problem? or is their some way around this(Apart from everyone ringing me up with their latest IP address!)

Regards,

 

[lgarner]

As long as the firewall blocks access to the servers, it really doesn't make too much difference. Is you VPN device capable of assigning addresses from a pool? We use a Pix and a Linux server for VPN access and both can do that. Windows can also. That way you could have a route to your address pool only via the firewall/VPN device.

 

[mizzy]

Hi there and thanks for your assistance,

Well I do not do any port forwarding(is that what you mean by "firewall blocks access to the servers"?)

I have tested all this out and I cannot start a session to the AS400 and cannot map drives to my file servers without the VPN client.

I guess the main reason for my concern is a huge hole in my TCP/IP knowledge.

Regards and have a good weekend,