[ previous ] [ next ] [ threads ]
 
 From:  "Chris Schafer" <chris at techpartnersmaui dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Securiing ip Sec tunnel from some users on site
 Date:  Thu, 14 Sep 2006 08:51:37 -1000
I would like to know if this is a reasonable security plan for remote
office workers...

 

I am using M0n0walls to do ipSec tunnels.  But I would like the users to
be able to have other systems at the sites with internet access.  

 

So I am thinking I will have three networks on the end point systems.

 

WAN

LAN1 corporate lan

LAN2 everything else

 

I will leave the end point for the ipsec tunnel on LAN1 and then have a
firewall rule blocking LAN1<->LAN2 traffic.

 

Will this do what I want?  Any other issues?

 

Thanks Chris