(ASCEND) Question about security

To: ascend-users@max.bungi.com
Subject: (ASCEND) Question about security
From: Paul Monaghan <paulm@ican.net>
Date: Wed, 5 Nov 1997 21:27:15 -0500 (EST)
Sender: owner-ascend-users@max.bungi.com


Hey All,

We are configuring a customer on a pipe 50 to dialin to another pipe 50 or
a MAX 1800 connected to the customers corporate LAN.  Can anyone tell me
if there is a way to prevent the employee of the above customer from
connecting his other b channel somewhere else?  The company we are doing
this for wants employees to connect using 1 b channel so that they don't
have to get to many ISDN lines.  But they don't want their employees to
conect to the corporate LAN with one B channel and to the Internet with
the other for obvious security concerns.  Is there any way to do this?  I
figured we could, at least in the short term, require 2 b channels so that
they can't do anything with the other channel.  Yet, I do believe that
there is no way to force the use of 2 b channels.  Sure the pipe 50/1800
can be configured as minimum channels = 2 but I think that if only
one will connect, perhaps the other is already connected to the Internet,
then the 50/1800 your dialing into will happily except only 1 channel.  Is
this correct?  Does anyone know of a way to acomplish what I'm doing a
terible job of explaining here? 

On another note, does anyone have a good source of VPN info?  The above is
the first phase.  In the second phase we will eliminate the dialin 50/1800
in favor of using us as the dialin POP to a corporate VPN for the client
above.  We were thinking, once it's shipping, using the Pipe 220 on the
client end with Secure Access 2.0, and a Pipe 50 at the employee end with
Secure Access 2.0 both configured with IPSec.  The employee would then use
PPTP on a Windows 95 machine and have secure access accross the Internet
to his corporate LAN. Anyone know of any better solutions? 

TIA
Paul.

--
Paul Monaghan (PM1819, paulm@ican.net)
Technical Team Leader - Internet - ACC Telenterprises Ltd.
bobCode: KItpd lWm EMC++ m7 CPE B0 Ol Lb SC Tx A5 H9o b2

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Follow-Ups:

Re: (ASCEND) Question about security

From: Phillip Vandry <vandry@Mlink.NET>

Prev by Date: Re: (ASCEND) DHCP Spoofing/P75 Address Robbing
Next by Date: Re: (ASCEND) Ap33 - Weird Problems
Prev by thread: (ASCEND) RADIUS ----> LDAP Query?
Next by thread: Re: (ASCEND) Question about security
Index(es):
- Main
- Thread