Question

The partners of a small architectural firm are constantly busy with evolving client requirements. To meet the needs of their clients, the architects must visit several job sites per day. To share and send sensitive project/client information back to the office or with clients, the employees dial into the IPSec-based VPN remotely. For classified proprietary information, two separate extranets were set up with partners in the engineering firm on a server housed inside the office.

What firewall setup would provide the firm both flexibility and security? Justify your response.

Answer 1

Check the explanation

Step-by-step explanation:

IPSec-based VPN is configured in two different modes namely

IPSec Tunnel mode and IPSec Transport mode so here we are using IPsec transport mode which is used for end to end communications between a client and a server in this original IP header is remain intact except the IP protocol field is changed and the original protocol field value is saved in the IPSec trailer to be restored when the packet is decrypted on the other side due to this arrangement you need to use application based firewall because there are certain specific rules that can address the particular field (explained above-change in IP protocol field) which at the other end need to be same so at the type of decryption, original IP protocol field can be matched.