Simple question really, is it safe to create a VPN that goes direct into the lan. Or is this really what a vpn is all about? I'm asking because it seems to be a big no-no to put an SSH server exposed directly to the public. Why would VPN be different?
Previously I was using the "AnyConnect" feature on my ASA5505, but on the upgraded 5508 they want me to pay almost 1000$ for a license to use VPN on my mobile devices - for a single consultant, this is nuts.
So - I will create a VPN into my lan using openvpn on a linux machine in the lan. I'd open and nat the port to the machine and voila. I guess at this point I'll get another IP range for my vpn.
Can anyone confirm this is the correct way to do things? or offer a better method?
Currently I have my "lan" and a "dmz" on another interface. lan priority 100, dmz priority 50, and public = 0.
Thanks.
No comments:
Post a Comment