I'd really appreciate some advice on how to exploit an upgrade from a
BM3.7 perspective.

Current set up: NSBS 6 SP4, BM3.7 SP3: BM Server providing HTTP Proxy,
Packet Filtering with two NICs plus old Webramp ISDN router attached to
public interface, providing NAT with dynamically assigned IP address from
ISP via ISDN dial up. This is handling interenet access fine, including
mail handling via GWIA and PFA. Thanks to Craig's excellent IP Filtering
book, have been able to set up filter exceptions for the access I need.

ISDN cost is causing us to go broadband(ADSL). I have inserted the new
ADSL router (a Draytek Vigor 2600x) into the current system - which is
possible because it has an ISDN fallback connection. This router can
itself provide packet filtering, be a Radius client, do NAT, provide VPN
access, etc. The ISP provider for ADSL will provide 1 - 8 static IP

Whilst I can easily keep the basic set up I have now, I am looking for
advice on exploiting the new setup, so it is secure and if possible, opens
up remote access.

First of all, in the new set up - where should I be locating IP filtering
and NAT (if at all) - the router or the BM server?

What are the options, if any, in terms of setting up remote access - VPN?
RADIUS? etc.

Any suggestions very welcome.

Colin Quine

