G
Guest
Guest
Archived from groups: comp.security.firewalls (More info?)
One of my remote offices would like to connect to a server in our office.
The server will run Windows 2003 terminal server. I would like to only
allow certain internal LAN workstation access to this server via terminal
server. The remote office will connect to the server with terminal
services. I would also like to keep the server safe from the outside world.
Could I give the server the same IP address as the internal workstations on
my LAN?
There is a rough diagram below showing the above config:
Internal Network LAN (192.168.7.x)
¦
Internal Firewall (192.168.7.22 internal - 192.168.7.23 external)
¦
Terminal Server (192.168.7.53)
¦
External ISA 2004 Firewall (192.168.7.55 internal - 64.57.76.119 external)
I guess I can't do this as the terminal server will need to be on a
different subnet. Could this be a NAT address to help keep it secure in the
DMZ? Are there any better ways to do this and what would be the best way to
configure this? Also, do i need a router beteen my internal firewall and
terminal server and also one between the terminal server and external
firewall?
Thanks you for any help.
Aaron Humperdoomperdink
One of my remote offices would like to connect to a server in our office.
The server will run Windows 2003 terminal server. I would like to only
allow certain internal LAN workstation access to this server via terminal
server. The remote office will connect to the server with terminal
services. I would also like to keep the server safe from the outside world.
Could I give the server the same IP address as the internal workstations on
my LAN?
There is a rough diagram below showing the above config:
Internal Network LAN (192.168.7.x)
¦
Internal Firewall (192.168.7.22 internal - 192.168.7.23 external)
¦
Terminal Server (192.168.7.53)
¦
External ISA 2004 Firewall (192.168.7.55 internal - 64.57.76.119 external)
I guess I can't do this as the terminal server will need to be on a
different subnet. Could this be a NAT address to help keep it secure in the
DMZ? Are there any better ways to do this and what would be the best way to
configure this? Also, do i need a router beteen my internal firewall and
terminal server and also one between the terminal server and external
firewall?
Thanks you for any help.
Aaron Humperdoomperdink