Re: Back to Back DMZ Testing

  • From: "Jay Schwarzkopf" <jschwarzkopf@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 7 Aug 2001 12:50:18 -0400

I've only done sonicwall and pix VPNs (with ISA servers being the internal
firewall).  If you do have back to back, you might want to consider using
different firewalls, so if hacker can compromise vulnerability in one, must
still find vulnerability in other.

In any case, you can do VPN gateway (mall) to gateway (external ISA), and
then publish AD, LDAP, DNS, etc on your internal ISA.  You might also be
able to pass the VPN through the external and do gateway (mall) to gateway
(internal ISA). But then I believe you will be limited to PPTP.



----- Original Message -----
From: "Denis Alex Gathas" <denis@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, August 07, 2001 8:49 AM
Subject: [isalist] Re: Back to Back DMZ Testing


> http://www.ISAserver.org
>
>
> Jay,
>
> I'm looking for VPN from external through to internal.
>
> Look the scenario:
> - I have to put some computers stations at the mall conected with
> Internet.
> - At the office I have an back to back with "private DMZ".
> - I'd like that, when someone turn On the computer's mall it automaticaly
> make an VPN whith office and do the authenticate at Active Directory,
> taking the Group Police for that computer.
> - The stations are W2K Pro with single user mode.
>
> Do you have some idea how to build this ?
>
> Thank you
> Denis Gathas
> Sao Paulo - Brazil
> ps - Sorry about my english
>
>
> > Are you looking for VPN from perimeter network to internal network (for
> > example, so don't have to publish LDAP, GC, RPC, Kerboros, etc for Front
End
> > OWA), or for VPN from external through to perimeter network?
> >
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jschwarzkopf@xxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2001