There has been much discussion in this list about dial-up access, and
I will probably refer to some subjects which have already been discussed. The
thing is that the problem I have must be addressed as a whole, and I'll give
a brief description:
We are building a firewall system for a large company, which has
departmental Netware LANS spanned all over the country. The firewall service
would be installed in its headquarters. Two things that I have to live with:
1. They will use Netware Connect. I'm not very familiar with this, but
from what I know, NW Connect can route IP traffic, and if it can,
users will demand it. IPX will also be used.
2. The access points (NW Connect servers) will be all over the country
so that they can be administered locally, and to be able to offer
local call charges. This is the reason I cannot put the dial-up
accesses outside the firewall.
What I am looking for now is a way to solve the following problems (I
understand some points may be specific to the Novell product, but I consider
this to be an important subject when we are talking of securing large
corporation networks).
1. What is the possibility to enforce NW Connect security from a central
point, rather than trust system administrators at remote sites, who
may not be that sensible to security issues?
2. Would it be wise (or possible) to allow IPX traffic to the local LAN
directly, but route any IP to the screened subnet we are installing
at the headquarters? This would give a scenario of external users
inside your network: a good use for IP over IP?
I have not studied any of the proposed solutions yet, so there may be some
flaws which would not allow some of them. If anyone had a similar problem,
or just wants to give some ideas, a thread on this subject would be nice.
Thanks.
--
__________________________________________________________________
Ricardo Jorge Pereira
Network Consultant
Centro de Comunicacoes em Ambientes Empresariais
Av. Duque d'Avila 23, Apartado 10105, 1017 Lisboa Codex, Portugal
Telef : +351 1 3100069
Fax : +351 1 3100068
email : ricardo . pereira @ inesc . pt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Microsoft is not the answer, Microsoft is the question.
No is the answer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~