02-17-2005 02:53 PM
I am hoping that somebody will help me with this problem.
This week we moved a group of application programmers to a new site due to
office space needs.
However, we have a DMZ that is accessible from the internet for our customers'
B2B business. Problem is we don't route that DMZ inside our Frame Relay
cloud.
And right now, the remote site cannot access the servers to manage, drop
code or maintain the apps.
For security reasons we do not want to route the internet facing DMZ through
our Global WAN. I have tried several solutions and none is working.
Before they were able to access their servers because we could use a static
gateway in one of our internal firewalls. So you still were in the WAN FR
but it was also local in the sense that the firewall has an interface in our
LOCAL LAN. We then PATTED the whole internal range. This time address
translation will not work because you still need to route the destination
address.
Can anyone suggest a solution?
02-19-2005 07:30 PM
I want to make sure that I understand your new topology correctly, reflecting the new site where the app dev staff resides. I assume that the servers did not move, and the remote site that you refer to is not a customer B2B site, but rather the new site where the app dev staff resides. Is that correct? If so, then run an IPSec VPN between the router that has an interface in the new site and the router that has an interface where the servers reside. This way you can keep the subnets you want hidden from the global routing table by protecting them by configuring the router that is in front to use IPSec for any traffic to and from that subnet.
Let me know if this was of any help.
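The site-to-site tunnel suggested in the reply above, sketched as an added example (not from either poster), assuming Cisco IOS routers at both ends. All addresses, interface names, object names and the key placeholder are constructed; only the two tunnel endpoints know the DMZ prefix, so the Frame Relay WAN forwards nothing but the routers' own peer addresses.

```cisco
! ===== Dev-site router (constructed: dev LAN 10.20.30.0/24, WAN 198.51.100.1) =====
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY> address 198.51.100.2
crypto ipsec transform-set DMZ-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
! Crypto ACL: only dev LAN -> DMZ traffic is selected for encryption
ip access-list extended DEV-TO-DMZ
 permit ip 10.20.30.0 0.0.0.255 192.0.2.0 0.0.0.255
crypto map DMZ-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set DMZ-TS
 match address DEV-TO-DMZ
interface Serial0/0.1 point-to-point
 crypto map DMZ-MAP
! Local static route so DMZ-bound packets reach the WAN interface and hit
! the crypto map. Keep it out of the WAN routing protocol (no redistribution).
ip route 192.0.2.0 255.255.255.0 Serial0/0.1

! ===== Server-site router (constructed: DMZ 192.0.2.0/24, WAN 198.51.100.2) =====
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY> address 198.51.100.1
crypto ipsec transform-set DMZ-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
! Mirror image of the dev-site crypto ACL
ip access-list extended DMZ-TO-DEV
 permit ip 192.0.2.0 0.0.0.255 10.20.30.0 0.0.0.255
crypto map DMZ-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set DMZ-TS
 match address DMZ-TO-DEV
interface Serial0/0.1 point-to-point
 crypto map DMZ-MAP
```

After the tunnel is up, `show crypto ipsec sa` on either router should show encapsulated and decapsulated packet counters rising for the ACL pair, and the DMZ prefix should be absent from the routing tables of every other WAN router.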
02-25-2005 01:21 PM
Just following up to see if my prior post was of any help.