Firewall setup help with DMZ

Posted by Aaron Humperdoomperdink on August 31, 2005, 3:59 pm

One of my remote offices would like to connect to a server in our office.
The server will run Windows 2003 terminal server. I would like to only
allow certain internal LAN workstations access to this server via terminal
server. The remote office will connect to the server with terminal
services. I would also like to keep the server safe from the outside world.
Could I give the server the same IP address as the internal workstations on
my LAN?

There is a rough diagram below showing the above config:

Internal Network LAN (192.168.7.x)
¦
Internal Firewall (192.168.7.22 internal - 192.168.7.23 external)
¦
Terminal Server (192.168.7.53)
¦
External ISA 2004 Firewall (192.168.7.55 internal - 64.57.76.119 external)

I guess I can't do this as the terminal server will need to be on a
different subnet. Could this be a NAT address to help keep it secure in the
DMZ? Are there any better ways to do this and what would be the best way to
configure this? Also, do I need a router between my internal firewall and
terminal server and also one between the terminal server and external
firewall?

Thank you for any help.

Aaron Humperdoomperdink

Posted by Leythos on August 31, 2005, 3:49 pm
fasfjasiofasiofj@fasfsasfsf.com says...
>
>
> One of my remote offices would like to connect to a server in our office.
> The server will run Windows 2003 terminal server. I would like to only
> allow certain internal LAN workstation access to this server via terminal
> server. The remote office will connect to the server with terminal
> services. I would also like to keep the server safe from the outside world.
> Could I give the server the same IP address as the internal workstations on
> my LAN?

I don't do ISA, but here is what I would do if I were you:

REMOTE OFFICE (192.168.128.0/24)
VPN Appliance - bridges 192.168.128.0/24 to 192.168.7.0/24
Remote office's Internet

PUBLIC INTERNET

Main office's Internet
Firewall supporting IPSec Tunnels
VPN - bridges remote office to LAN
LAN 192.168.8.0/24
LAN (your machines + server)
LAN (Terminal Server box)

DMZ (what you need here)

In the users' login profiles just enable or disable TS for them - this
lets you restrict who can use TS in either location.

Since I don't do ISA, I can't really provide an ISA type solution, but
the idea may be of help.

If you put the TS in the DMZ and it has any means to authenticate with
the LAN servers, then you've broken the reason to have a DMZ.

--

spam999free@rrohio.com
remove 999 in order to email me
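
The subnet question in the original post and the reply's point about a DMZ host authenticating against LAN servers can both be checked on paper before any firewall is configured. The following is an added example, not code from either poster: it flags zones whose subnets overlap and allow rules that let a DMZ host reach LAN authentication services. The DMZ subnet 192.168.50.0/24, the host addresses in RULES and the function names are assumptions made for illustration.

```python
import ipaddress

# Ports a domain member uses to authenticate against LAN servers.
AUTH_PORTS = {88: "Kerberos", 135: "RPC endpoint mapper", 389: "LDAP",
              445: "SMB", 636: "LDAPS", 3268: "Global Catalog"}

# Plan as drawn in the question: every segment numbered 192.168.7.x (/24 assumed).
DRAWN_PLAN = {"LAN": "192.168.7.0/24", "DMZ": "192.168.7.0/24"}
# Separated plan: the DMZ subnet is a constructed value, REMOTE is from the reply.
SPLIT_PLAN = {"LAN": "192.168.7.0/24", "DMZ": "192.168.50.0/24",
              "REMOTE": "192.168.128.0/24"}
# Constructed allow rules (source, destination, TCP port) for the split plan.
RULES = [
    ("192.168.128.20", "192.168.50.10", 3389),  # remote office -> TS (RDP)
    ("192.168.7.30", "192.168.50.10", 3389),    # LAN workstation -> TS (RDP)
    ("192.168.50.10", "192.168.7.10", 88),      # TS -> LAN server, Kerberos
    ("192.168.50.10", "192.168.7.10", 389),     # TS -> LAN server, LDAP
]

def overlapping_zones(zones):
    """Return pairs of zone names whose subnets overlap (cannot be routed apart)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in zones.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def zone_of(addr, zones):
    """Map an address to its zone name; anything unmatched is the Internet."""
    ip = ipaddress.ip_address(addr)
    for name, cidr in zones.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return "INTERNET"

def dmz_auth_leaks(rules, zones):
    """Return allow rules that let a DMZ host reach LAN authentication services."""
    return [(src, dst, port, AUTH_PORTS[port]) for src, dst, port in rules
            if zone_of(src, zones) == "DMZ" and zone_of(dst, zones) == "LAN"
            and port in AUTH_PORTS]

if __name__ == "__main__":
    print("drawn plan overlaps:", overlapping_zones(DRAWN_PLAN))
    print("split plan overlaps:", overlapping_zones(SPLIT_PLAN))
    for src, dst, port, svc in dmz_auth_leaks(RULES, SPLIT_PLAN):
        print(f"DMZ host {src} reaches LAN {dst} on {port}/{svc}")
```
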

