Site-to-site VPN to client, good idea?

Subject: Site-to-site VPN to client, good idea?
Posted by:  ac130 (ac1…
Date: Thu, 6 Nov 2008

We have a new application we are hosting internally on an AS/400 (all other
servers are Win2k3 servers, including the DC) and we need to give our clients
access to it so they can enter/edit data and upload files. The same
application is also being used internally by our employees. The data involved
is very sensitive; all connections must be encrypted.

Our first test client, also our biggest, insists on a site-to-site VPN. We
have a PIX and, while I am not that familiar with VPNs, we can get a resource
to create the VPN if we need to. The client has a PIX as well and they will
handle the configuration on their end.

I'm very uneasy about creating a persistent VPN connection with another
organization whose security practices and policies we don't control. We toyed
with the idea of having them connect via Remote Desktop to one of our
workstations and invoke the client app from there, but uploading and
downloading data is clunky and slow. I feel we are opening our doors, and
keeping them open, to people we don't know. Are my fears unfounded? Can we
create the site-to-site VPN in such a way that it prohibits external users
from exploring our network? What happens if they have a virus outbreak? What
other ideas for connecting our clients can I explore?

Any thoughts and comments are appreciated. Thank you.