Message-ID: <560cc20ec43e3607 @
Xdeliver: HEADER START (not lowercased)
Xdeliver: From firewalls-owner @
COM Mon Dec 9 12:40:53 1996
Xdeliver: Return-Path: <firewalls-owner @
Xdeliver: Received: from relay5.UU.NET by cichlid.com with smtp
Xdeliver: (Smail220.127.116.11 #13) id m0vXCUa-000GTya; Mon, 9 Dec 96 12:40 PST
Xdeliver: Received: from miles.greatcircle.com by relay5.UU.NET with ESMTP
Xdeliver: (peer crosschecked as: [18.104.22.168])
Xdeliver: id QQbtju09571; Mon, 9 Dec 1996 15:39:21 -0500 (EST)
Xdeliver: Received: (majordom @
localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id KAA07644 for firewalls-outgoing; Mon, 9 Dec 1996 10:54:24 -0800 (PST)
Xdeliver: Received: from ns2.eds.com (ns2.eds.com [22.214.171.124]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id KAA07602 for <firewalls @
COM>; Mon, 9 Dec 1996 10:54:07 -0800 (PST)
Xdeliver: From: MSITMI02 .
Xdeliver: Received: from nnsp.eds.com (nnsp.eds.com [126.96.36.199]) by ns2.eds.com (8.8.2/8.8.2) with ESMTP id NAA25821 for <firewalls @
COM>; Mon, 9 Dec 1996 13:53:41 -0500 (EST)
Xdeliver: Received: from DNET.EDS.COM (dnet.eds.com [188.8.131.52]) by nnsp.eds.com (8.7.6/8.7.3) with SMTP id NAA18293 for <firewalls @
COM>; Mon, 9 Dec 1996 13:53:09 -0500 (EST)
Xdeliver: HEADER END
Xdeliver: SENDER firewalls-owner @
Xdeliver: from msitmi02 .
X400-Originator: MSITMI02 .
X400-Recipients: firewalls @
X400-Content-Type: P2-1988 (22)
Message-ID: <0095000008068849000002* @
Subject: Re: RAS and Firewalls
Date: Mon, 9 Dec 1996 13:56:27 -0500
Sender: firewalls-owner @
Actually, I am not trying to get a specific solution to a client's
network. I wanted information on general principles and how RAS could be
made to work across the Internet.
The general situation is a internal network on which someone has
installed RAS. It has frequently been argued that this makes the network
insecure, one mail stating that the writer had detected someone going OUT
through the firewall who had come in through RAS. The next step is that
the company connects to the internet and installs a firewall. Obviously
there is no point in doing this if RAS creates a hole behind the wall.
As for RAS services, I don't know what they might all be. The first thing
that comes to mind is collecting your mail with MS mail client. I don't
see where DMZ enters the equation, but obviously a company would want
only its own employees fetching mail, and wouldn't want damage being done
to the server offering RAS.
To repeat: How does this fit in with a firewall? The aim of course is
that to use RAS the user must cross the firewall in a controlled manner,
and not bypass it.
distinti saluti/best regards
EDS Italia SpA
Viale Monza, 257
Milano, Italy tel. + (0)2 2524272
com fax + (0)2 27002588
Sent: sabato 7 dicembre 1996 11.46
To: KERRIGAN, PHILIP
What is the network topography?
Do you have multiple segments through the firewall? Secured servers?
What do the clients using RAS need to access?
What is withing your DMZ?
Are the RAS clients to be trusted to the servers, internet, both?
You need to give a fair bit more info before that may be answered.
> Anyone have any recommendations on how to make RAS available to remote
> clients when the internet gateway is a firewall?
> Would you have PPP on the Firewall itself, a RAS server outside the
> Firewall, a modem bank outside the firewall? What protocols have to
> the firewall?
> distinti saluti/best regards
> Philip Kerrigan
> EDS Italia SpA
> Viale Monza, 257
> Milano, Italy tel. + (0)2 2524272
> msitmi02 .
com fax + (0)2 27002588