On Mon, 28 Aug 2000, Charles Nzerem wrote:
I am in the planning stage of a VPN implementation solution, and I have
chosen to do a hardware solution type. The current network flow is
Users -------
Switches--------Firewall--------Router-------Internet.
I want to know at what point in the network flow will be the best to place
the VPN device without compromising data security, and at the same time
achieve minimal reduction in transmission performance.
While the last thing I want to do is promote the use of the IETF list as a
network help line, let me note that we are asked this question regularly
by folks at our campus who have heard that VPNs are cool, and that we find
them rather to be of very little (or even negative) value in most cases.
We have (which is to say, my colleague Terry Gray has) written up the
arguments supporting this position at:
http://staff.washington.edu/gray/papers/credo-long.txt
http://staff.washington.edu/gray/papers/credo-short.txt
which are respectively the exhaustive and more-readable versions.
I think our arguments are consistent with other rants on the benefits of
end-to-end communication which have become a staple of this list.
Comments welcome.
- RL "Bob"