3rd Party VPN Device Security One vendor wanted to install their VPN device (Cisco 800) behind the firewall. They asked us to open ports so they can establish the tunnel. Another vendor wanted to install their VPN de...--prophetes.ai

3rd Party VPN Device Security One vendor wanted to install their VPN device (Cisco 800) behind the firewall. They asked us to open ports so they can establish the tunnel. Another vendor wanted to install their VPN device (Cisco 1921) outside the firewall, but physically attached to our network. They would then be routed into our network through the gateway. (Is this even possible? This is a secondary question that doesn't have to be answered here) In general, which is more secure? What are the pro/con of each configuration?

for an ipsec tunnel i believe you need to allow the following traffic between endpoints.

ip protocol 50 ip protocol 51 udp 500

the second option sounds like their 1921 will have to be in the outside ip space of your firewall. they will terminate their traffic to the 1921 and your layer 3 protocols will take over from there.