So you want to create a VPN for the employees to get
back in, and not the folks from the other company, yes?
(This is a VPN minus the encryption or tunneling, it looks
like, so there goes a fair portion of the security.)
However, the non-employees will have access (across
the net) to the employee machines that do have access
to the intranet?
So, if I'm one of these non-employees, and I decide
to access your intranet, then I will have to telnet
to one of the employee machines first?
(I say telnet, but it could be just about any protocol..
even me dropping a trojan file of some sort on
the fileshare of one of the employee's Win95 boxes.)
---------- Previous Message ----------
From: jim .
com ("Messano, Jim") @ smtp
Date: 10/10/97 08:05:21 AM
Subject: To Gauntlet or not to Gauntlet
I have a customer who wants to setup a LAN for Company employees as well
as employees of other companies, all of whom will be working together on
a joint venture project. This LAN will be external to the Company
Intranet. However, the customer also wants Company employees to be able
to access the Company's Intranet.
If I insert a Gauntlet between a LAN router and a router to the Company
Intranet, would I be able to enforce strong, two factor authentication
(via an ACE server) and then establish a plug-gw so they could access
all of the same services as if the Company employees were directly
connected to the Company Intranet, without having to re-authenticate
themselves for each service? Basically, my customer wants to
authenticate once, then keep the "pipe" open for all intranet access.
I realize that this implementation, if valid, is alien to the purpose of
installing a Gauntlet. However, since I need to connect an external LAN
to the Company intranet and I need to differentiate between the good
guys and the bad guys, I thought to use the granular filtering of a
The main purpose of the Gauntlet is to not allow non-Company employees
to access the Intranet. (Yeah, I know I used a double negative. My
apologies to any English majors who read this note.)
Any comments/suggestions would be welcome.