Question

Has anyone modeled corporate VPN?

  • 9 January 2024
  • 2 replies
  • 81 views
B
Userlevel 2

Hey Folks!

I’m looking to find out if anyone has modeled their corporate VPN access - maybe using Synthetic Devices - in such a way that allows you to search for user workflows to determine if they are allowed, and have them properly modeled as coming in through the VPN Firewall instead of at the switch VLAN. We are looking to create intent checks for access through our VPN.

 

Happy NQEing!

Like Internet BGP, we are all constantly converging on our best selves. Give Grace!

2 replies

D
Rank

Hi @BDrinkard, this sounds like something that would work using a synthetic Intranet node . For clarification, is this for site-to-site VPN or client-to-site VPN? Thanks

J
Rank

@BDrinkard for a client-to-site VPN, you can also use an Edge node to represent the pool of client addresses. One benefit of an Edge node over an Intranet node is that path queries can use either the node name or any address in its network as the entry point using the from keyword. For example, if you create an Edge node for network 10.0.0.0/24, you can build a query using “from 10.0.0.2 ...” or “from vpn-edge-node ...”, which would start from the Edge node. If using an Intranet node, you can only use its “self” interface to source traffic from it: “from intranet self ...”.

Reply


Badge winners

  • Community Champ Award
    Tyson Henriehas earned the badge Community Champ Award
  • Community Champ Award
    cariddirhas earned the badge Community Champ Award
  • NQE Contributor
    cariddirhas earned the badge NQE Contributor
  • Founding Member
    dnagyhas earned the badge Founding Member
  • Founding Member
    n3rdmanhas earned the badge Founding Member
Show all badges
Terms of UseCookie settings