Obtain Necessary Information
In most cases, a logical ViPNet structure (the distribution of clients and their connections to respective coordinators) corresponds to the structure of the network itself. According to the existing security policy, a coordinator can be used for the following functions:
- IP Addresses Server. The coordinator can be used for the registration of active clients and for notifying clients about the current IP addresses of other clients.
- VPN Gateway. If the coordinator is installed at the gateway of a LAN, it is used by mobile and remote ViPNet clients as a VPN gateway (IP address server). At the same time, the coordinator acts as a firewall, filtering both encrypted and non-encrypted traffic.
- VPN NAT Server. In this case, several ViPNet clients in a LAN work through the IP address of one coordinator. Using the coordinator this way protects the LAN segment. It also allows you to unite your ViPNet network with another (already deployed) VPN system, if a gateway of that VPN is connected to one of the coordinator's network adapters.
- Tunneling Server. The coordinator can be used to establish a secure channel (tunnel) to secure the traffic between different local networks.
Both the coordinator and the client can be used to secure the traffic of a specific service (or all services) of a server (e.g. domain controller, SMTP/FTP/web/database server).
To determine the most logical ViPNet network structure for your company, we encourage the ViPNet administrator to answer the following questions:
- What kind of a logical VPN structure would fit best into our network?
- How many clients/servers and LAN segments need to be secured?
- How should the clients be best distributed among the coordinators?
- Do you need to install the coordinator(s) on a separate computer, or is it possible to use existing servers/workstations?
- How do the integrated firewalls need to be configured once the ViPNet network is set up? (I.e. if default traffic from acknowledged users is not blocked by ViPNet, you should create rules for services where no ViPNet software is or can be installed.)
The following question list will also help you record the required information:
- How many VPN nodes are needed?
- Per location:
  - How many servers have to connect to the VPN?
  - What are the operating systems of these servers?
  - What are the existing security solutions (firewalls, antivirus software, others)?
  - What is the traffic between the locations/servers/workstations (services, protocols, port numbers)?
  - What type of IP address is used on each server (public or private)?
  - How are the servers/gateways accessed from the outside? Are they behind a firewall and/or proxy, etc.? If yes, what is the exact configuration?
  - Which applications will be used through the VPN (databases, CRM/CMS/ERP systems, etc.)?
- Desired secure connections (who with whom?):
  - Between the locations?
  - Between the VPN clients themselves?
© 2007 Infotecs