Hello
I administer a 1500 node network for a public school system. I have a PIX 515U installed as the firewall with an ISA server behind it in integrated mode (another firewall). I have been providing VPN access by using ISA and PPTP after configuring the PIX for passthrough. The VPN was used only by me at first but it has slowly grown to include 5 employees and a few outside vendors that support some of our application servers. Now I am being told that the police department requires remote access to some of our video surveillance servers and several other vendors as well as an entire department within the school need access too.
My first thought was to remove ISA as a firewall which had complicated using the PIX as a VPN device but I am wondering if it would not be better to simply purchase a dedicated VPN device. Could I install it parallel to the PIX? I need a good solid solution that includes a method of checking clients to ensure they adhere to a strict policy including having a current antivirus installed. If possible I would also like to put them on a seperate VLAN of my network which is based on Cisco.
Any ideas??
thanks Ned Hart