Network Security Firewalls

Re: Single public ip address

Subject: Re: Single public ip address
Date: Tue, 22 Feb 2005 19:24:44 +0100
If you're able to manage a unix system, I suggest OpenBSD/PF/IPsec. I'm using it on several firewalls, each with many legs (10+) using gigabit networking, tied together with IPsec associations, doing nat and bi-nat. It's Open Source, independently audited, kicks any appliance's ass, and costs you 0$ for the software. You can use CARP for redundancy and load balancing setups, etc. More power under the hood than you'll be able to put to use...

Also... if you're really paranoid when it comes to security, beware of huge security corporations that reside in "Big Brother" type of countries....

Fredrik Widlund

Andrew Shore wrote:

Simple answer is yes. But you haven't said what firewall you are using.

PIX, CISCO FW IOS and checkpoint will do this. If you need to know how, I
have configs for these devices.

This is often known as interface address overloading.

HTH

Andy

-----Original Message-----
From: Kelvin Tarver [mailto:ktarver@fitnc.com]
Sent: 17 February 2005 09:36
To: firewalls@securityfocus.com
Subject: Single public ip address




Is there a way to have a single ip address do the following:

1) Function as the outside interface of a firewall.
2) Use that same public ip address, and outside interface to function as
a vpn server.
3) Have the same public ip address PAT to a public web Server on the
dmz.

The goal is to have the outside interface of a firewall, vpn server, and
a public webserver to share the one public ip address.

Is this possible?  I'm convinced it isn't possible, but I might be
missing something.  Any insight on this issue would be greatly
appreciated.

Thanks.
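
Added example, not part of the thread and not any poster's configuration: a pf.conf fragment in current OpenBSD PF syntax showing how one outside address can carry all three roles, because the firewall demultiplexes by protocol and port. Interface names, the DMZ addresses and the web port (80) are assumptions; rules for decapsulated VPN traffic on enc0 and for the inside network are outside this fragment.

```pf
# Assumed names and addresses, constructed for illustration.
ext_if     = "em0"            # outside interface holding the single public address
dmz_if     = "em1"            # DMZ interface
dmz_net    = "10.0.1.0/24"    # DMZ network (private addressing)
web_server = "10.0.1.10"      # public web server living in the DMZ

set skip on lo

# Default deny: only what is listed below reaches or crosses the firewall.
block log all

# Role 1: the address is the firewall's own outside interface.
# DMZ hosts leaving through it are overloaded (PAT) onto that address.
match out on $ext_if inet from $dmz_net to any nat-to ($ext_if)
pass out on $ext_if inet

# Role 2: the same address terminates the IPsec VPN on the firewall itself.
# IKE (udp/500), NAT-T (udp/4500) and ESP are not redirected anywhere.
pass in on $ext_if inet proto udp from any to ($ext_if) port { 500, 4500 }
pass in on $ext_if inet proto esp from any to ($ext_if)

# Role 3: tcp/80 arriving on the same address is port-forwarded to the DMZ.
pass in  on $ext_if inet proto tcp from any to ($ext_if) port 80 rdr-to $web_server
pass out on $dmz_if inet proto tcp from any to $web_server port 80

# The web server may initiate outbound connections, but nothing toward other networks
# behind the firewall is opened here.
pass in on $dmz_if inet from $web_server to any
```

Because only tcp/80 is redirected, a compromise of the web server exposes the DMZ segment rather than the VPN endpoint; the ruleset can be syntax-checked without loading it using `pfctl -nf`.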




