well, a sound solution regarding firewalls is perhaps something like this:
Code:
internet
     |
     |
     |        
     |        
    FW-------- FW/DMZ -- WEB/ETC       
     |          (|        )
     |          (| <- vpn )
     |          (|        )
    FW------------ Cli-net
     |        |  |- Cli-net
     |        |---------------VPN-net  
     serv-net

or something similar.

Edited by Björn (2006-12-29 10:31 AM)
_________________________
as long as it works - why fix it?
If it doesn't work - kix-it!