Where to Deploy the SSL VPN Server
As discussed in Chapter 4, proper deployment of an SSL VPN server within enterprise infrastructure is critical for ensuring a secure implementation.
We will now examine the pros and cons of placing the SSL VPN server at various locations within a typical organization's infrastructure. (None of these architectures is perfect; anyone considering deploying an SSL VPN should understand the ramifications of each architecture before choosing one.)
Back Office
One option is to place the SSL VPN onto an internal network as shown below:
Pros
Locating an SSL VPN on an internal network offers the following benefits over alternative architectures:
No ports other than the one for SSL (and maybe also for regular HTTP so users who do not type HTTPS can be redirected) need to be opened in any perimeter firewalls
Decryption of SSL-encrypted traffic is performed in the secure back office
SSL keys are stored on a secure network where they...