This isn't unique. In fact, unless you allow the VPN to listen in the first place, there is no way for people outside of your perimeter to hit the VPN.
Quote:
the only way is to open firewall rules
Word to the wise:
1) Only open the ports necessary for the VPN to operate. In my case, only port 443 is exposed.
2) Select an architecture that will suit growth. There are 3 major VPN architectures: parallel, in-line and toaster. Each has its advantages and disadvantages. Again, requirements will steer you towards the appropriate choice. In my case, I have a toaster mode setup.
Anyway, I'd draw the pictures of each, but Google can do that for you much quicker.
