Help DBA and Programmers shut out after site Move.

William Kimandu · ‎02-17-2005

I am hoping that somebody will help me with this problem.

This week we Moved a group of application programmers to a new site due to

office space needs.

However we have a DMZ that is accessible from the internet for our customers

B2B business. Problem is we dont route that DMZ inside our Frame Relay

cloud.

And right now, the remote site cannot access the servers to manage, drop

code or maintan the apps.

For security reasons we do not want to route the internet facing DMZ through

our Global WAN. i have tried several solutions and none is working.

Before they were able to access their servers because we could use a static

gateway in one of our internal firewalls. So you still were in the WAN FR

but it was also local in the sense that the firewall has an interface in our

LOCAL LAN. We then PATTED the whole internal range. This time address

translation will not work because you still need to route the destination

address.

Can anyone suggest a solution.?

ehirsel · ‎02-19-2005

I want to make sure that I understand your new topology correctly, reflecting the new site where the app dev staff resides. I assume that the servers did not move, and the remote site that you refer to is not a customer B2B site, but rather the new site where the app dev staff resides. Is that correct? If so, then run an IPSec vpn between the router has an interface in the new site and the router that has an interface where the servers reside. This way you can keep the subnets you want hidden from the global routing table by protecting them by configuring the router that is in front to use IPSec for any traffic to and from that subnet.

Let me know if this was of any help.

ehirsel · ‎02-25-2005

Just following up to see if my prior post was of any help.