Next: Security Improvements Up: Security Previous: IPsec Protocol
The VPN box sits on the internal network. There is no other place it should be put, unless the companies network infrastructure allows for that (DMZ for example). Some example implementations have dual-homed VPN-boxes. I consider that very insecure, as an intruder may bypass all firewall systems because he has control over the VPN box and can therefore hide traffic.