Suggestion needed!!

  • From: tim S <tim724342@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Fri, 8 Oct 2004 06:50:48 -0700 (PDT)

I have the following requirement:

I have a customer who wants to set up a VPN connection using their hardware VPN 
appliance to our site to access resources in three internal servers.  This VPN 
connection will be persistent.  I want to make sure that the customer can only 
access those three servers and nothing else in the internal network.  Likewise, 
I don't want any of my internal users to have access to those three servers except 
four people.  Also, one of those three servers will need to have access to an 
SQL server in the current internal network.

My current network setup:  I have an ISA 2000 that sits between the public internet 
and the internal network.  There aren't any routers in the internal network.  All 
internal clients and SecureNAT servers directly connect to the ISA.  I have only 
one ISA license.

I was thinking about splitting the current internal network into two subnets 
(like 10.10.10.0/24 and 192.168.1.0/24) with a Windows 2K or 2K3 router and 
setting up packet filters on the interfaces.  The 10.1.1.0/24 is the current internal 
network.  Add the new subnet ID 192.168.1.0/24 to the ISA LAT.  I was thinking 
about placing the customer's hardware VPN appliance outside of ISA and letting the 
traffic through the external NIC of ISA.  The VPN appliance will have the preset IP 
numbers that I tell them.  How do I make sure that any request from the 
customer only goes to the new subnet?

If there is any simple approach, I would really appreciate your suggestion.

Thanks  

TS


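The access requirement in the post boils down to an ordered, default-deny rule set on the router between the two subnets. The following is an added example, not code from the original post or from the isalist, that writes the requirement out as such a rule set and checks sample flows against it. Only the two subnets the post names (10.1.1.0/24 as the current internal network, 192.168.1.0/24 as the new subnet) come from the post; the customer VPN range 172.16.0.0/24, the three server addresses, the four permitted workstations, the SQL server address and the SQL port are constructed placeholders.

```python
"""Model the post's segmentation requirement as a first-match, default-deny
policy and evaluate sample flows against it.  Added example; addresses other
than the two subnets named in the post are constructed placeholders."""

from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network
from typing import Callable, List, Tuple

# --- topology ---------------------------------------------------------------
INTERNAL_NET = ip_network("10.1.1.0/24")       # current internal network (from the post)
PARTNER_NET = ip_network("192.168.1.0/24")     # new subnet for the three servers (from the post)
CUSTOMER_VPN = ip_network("172.16.0.0/24")     # assumed: addresses the customer appliance uses
PARTNER_SERVERS = {ip_address("192.168.1.%d" % n) for n in (10, 11, 12)}  # assumed
ALLOWED_USERS = {ip_address("10.1.1.%d" % n) for n in (101, 102, 103, 104)}  # assumed: the four people
SQL_SERVER = ip_address("10.1.1.50")           # assumed: SQL server on the internal network
SQL_CLIENT = ip_address("192.168.1.10")        # assumed: the one server that needs SQL access
SQL_PORT = 1433                                # assumed: default MS SQL TCP port


@dataclass(frozen=True)
class Flow:
    """One initiating packet, as the router sees it: source, destination, TCP/UDP port."""
    src: IPv4Address
    dst: IPv4Address
    dport: int


def flow(src: str, dst: str, dport: int) -> Flow:
    return Flow(ip_address(src), ip_address(dst), dport)


Predicate = Callable[[Flow], bool]

# Rules are evaluated top to bottom; the first match wins.  Specific allows sit
# above the broad denies that express "and nothing else".
RULES: List[Tuple[str, str, Predicate]] = [
    ("customer-to-partner-servers", "allow",
     lambda f: f.src in CUSTOMER_VPN and f.dst in PARTNER_SERVERS),
    ("customer-everything-else", "deny",
     lambda f: f.src in CUSTOMER_VPN),
    ("sql-client-to-sql-server", "allow",
     lambda f: f.src == SQL_CLIENT and f.dst == SQL_SERVER and f.dport == SQL_PORT),
    ("partner-subnet-to-internal", "deny",
     lambda f: f.src in PARTNER_NET and f.dst in INTERNAL_NET),
    ("four-users-to-partner-servers", "allow",
     lambda f: f.src in ALLOWED_USERS and f.dst in PARTNER_SERVERS),
    ("internal-to-partner-subnet", "deny",
     lambda f: f.src in INTERNAL_NET and f.dst in PARTNER_NET),
]


def evaluate(f: Flow) -> Tuple[str, str]:
    """Return (action, rule_name) for the first matching rule, or default deny."""
    for name, action, pred in RULES:
        if pred(f):
            return action, name
    return "deny", "default-deny"


# Constructed sample flows with the decision the requirement calls for.
SAMPLE_FLOWS = [
    (flow("172.16.0.5", "192.168.1.11", 443), "allow"),   # customer to one of the three servers
    (flow("172.16.0.5", "192.168.1.99", 80), "deny"),     # customer to another host on the new subnet
    (flow("172.16.0.5", "10.1.1.50", 1433), "deny"),      # customer straight to the SQL server
    (flow("192.168.1.10", "10.1.1.50", 1433), "allow"),   # the one server that may reach SQL
    (flow("192.168.1.11", "10.1.1.50", 1433), "deny"),    # a different server, same SQL target
    (flow("192.168.1.10", "10.1.1.50", 445), "deny"),     # right server, wrong port
    (flow("10.1.1.101", "192.168.1.10", 3389), "allow"),  # one of the four people
    (flow("10.1.1.200", "192.168.1.10", 3389), "deny"),   # any other internal user
]


def policy_matches_requirement() -> bool:
    """True when every sample flow gets the decision the requirement expects."""
    return all(evaluate(f)[0] == expected for f, expected in SAMPLE_FLOWS)


if __name__ == "__main__":
    for f, expected in SAMPLE_FLOWS:
        action, rule = evaluate(f)
        print(f"{f.src} -> {f.dst}:{f.dport:<5} {action:5} ({rule}) expected {expected}")
    print("policy matches requirement:", policy_matches_requirement())
```

The model only decides the initiating direction. Router packet filters of the kind the post describes are stateless, so the reply direction (server back to customer, SQL server back to the one server) needs its own permitting filters, and a review of the rule set should cover both directions.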
                
---------------------------------
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.

Other related posts: