
Extranet environment

How can VPN and extranet be set up for an electronic relationship?
Depending on your extranet environment, you may want to use an IPSec VPN or an SSL VPN.

For a formal relationship between two companies that do business on a regular basis, an IPSec gateway-based solution can work really well. Each location gets a VPN gateway that connects it to the extranet. You set up a route in your default gateway router to redirect traffic destined for the extranet through the VPN gateway. The routes are determined by address. So traffic destined for the Internet is sent to the firewall, traffic destined for the corporate network is sent to the frame relay network, and traffic for the extranet is sent to the VPN gateway. The nice part about this is that it requires no changes to the other devices, PCs and servers on your network, and it lets you share any IP device you want to (printers, PCs, servers, WiFi, etc.).

The only caveat is that you need to make sure that you don't have address collisions between the connected networks. If each location has a 192.168.1.x addressing scheme, connecting them won't work. You'll need to either renumber one or the other network, or do some fancy network address translation.

Alternatively, you can use an SSL-based solution to set up more casual relationships. An SSL gateway uses Secure Sockets Layer to create a VPN. To anyone on the outside, the gateway looks like a web server. They just set the URL of their browser to point to it and they're connected. You can authenticate using anything from passwords to crypto-cards to certificates. On the inside, the gateway performs a function known as reverse proxy that allows it to gain access to file shares and various applications. So, a remote user or extranet member can simply use a web browser to gain secure access to a host of services including applications, e-mail, file shares, etc.

There are a lot of companies out there offering either type of solution and a lot of great choices. Hope this helps.

This was last published in November 2002
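
As an added example (not part of the original answer), here is a pre-connection check for the address-collision caveat above. It goes beyond the identical 192.168.1.x case and also catches one range nested inside another, such as a /22 inside a /16. The site names and prefixes are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory; site names and prefixes are illustrative assumptions.
SITES = {
    "company_a": ["192.168.1.0/24", "10.10.0.0/16"],
    "company_b": ["192.168.1.0/24", "172.16.5.0/24"],
    "company_c": ["10.10.20.0/22", "172.16.6.0/24"],
}

def _parse(sites):
    # strict=True rejects prefixes with host bits set (e.g. 192.168.1.5/24).
    return {name: [ipaddress.ip_network(p, strict=True) for p in prefixes]
            for name, prefixes in sites.items()}

def find_collisions(sites):
    """Return (site1, net1, site2, net2) for every overlapping prefix pair
    between two different sites, including one range nested inside another."""
    hits = []
    for (s1, nets1), (s2, nets2) in combinations(sorted(_parse(sites).items()), 2):
        for n1 in nets1:
            for n2 in nets2:
                if n1.version == n2.version and n1.overlaps(n2):
                    hits.append((s1, str(n1), s2, str(n2)))
    return hits

def plan_routes(sites, local):
    """From `local`'s side, split remote prefixes into those that can simply be
    routed to the VPN gateway and those that need renumbering or NAT first."""
    conflicted = set()
    for s1, n1, s2, n2 in find_collisions(sites):
        conflicted.update({(s1, n1), (s2, n2)})
    routable, needs_fix = [], []
    for site, nets in sorted(_parse(sites).items()):
        if site == local:
            continue
        for net in nets:
            target = needs_fix if (site, str(net)) in conflicted else routable
            target.append((site, str(net)))
    return routable, needs_fix

if __name__ == "__main__":
    for s1, n1, s2, n2 in find_collisions(SITES):
        print(f"COLLISION: {s1} {n1} overlaps {s2} {n2}")
    routable, needs_fix = plan_routes(SITES, "company_a")
    print("route via VPN gateway:", routable)
    print("renumber or NAT first:", needs_fix)
```

Only the prefixes in the first list are safe to add as routes pointing at the VPN gateway; the second list is the set to renumber or translate before the tunnel goes live.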
