[TCLUG] VPN setup question

[Amy Tanner]

Currently the network has a separate VPN router (separate from the firewall)
that has 2 interfaces, one on the public network and one on the private
network.  I want to put the VPN router behind the firewall if possible.  
The documentation I read says the VPN router can either go between the
Internet router and the firewall, or on the same network as the firewall.

Questions:
1. Can I put the VPN router behind the linux firewall and just route VPN
traffic from outside the network to the VPN router?
2. Does the VPN router need IPs on both interfaces?  If so, do you set up
private IPs for both interfaces and bridge between them?

Basically, I'm not understanding how VPN works when you have a separate
device doing the VPN rather than the firewall doing it.  And I want to set
this up as securely as possible.

Any help is appreciated. 

-- 
Amy Tanner
amy at real-time.com