I have a customer who wants to set up a LAN for Company employees as well
as employees of other companies, all of whom will be working together on
a joint venture project. This LAN will be external to the Company
Intranet. However, the customer also wants Company employees to be able
to access the Company's Intranet.

If I insert a Gauntlet between a LAN router and a router to the Company
Intranet, would I be able to enforce strong, two-factor authentication
(via an ACE server) and then establish a plug-gw so they could access
all of the same services as if the Company employees were directly
connected to the Company Intranet, without having to re-authenticate
themselves for each service? Basically, my customer wants to
authenticate once, then keep the "pipe" open for all intranet access.

I realize that this implementation, if valid, is alien to the purpose of
installing a Gauntlet. However, since I need to connect an external LAN
to the Company intranet and I need to differentiate between the good
guys and the bad guys, I thought to use the granular filtering of a
Gauntlet.

The main purpose of the Gauntlet is to not allow non-Company employees
to access the Intranet. (Yeah, I know I used a double negative. My
apologies to any English majors who read this note.)

Any comments/suggestions would be welcome.