
Single-NIC Access Server and two DMZs

Posted: Sun Mar 10, 2013 3:19 pm
by ron
Hi everyone,

I'm planning to install a Single-NIC Access Server on DMZ-1, which will have a public IP address. The goal is to provide access to a certain server which sits on DMZ-2 and has a private IP address (10.10.10.100).

Is this configuration possible? If YES, how do I go about it?

Thanks... ;)

Re: Single-NIC Access Server and two DMZs

Posted: Tue Mar 12, 2013 11:33 am
by ron
Anyone?...

Re: Single-NIC Access Server and two DMZs

Posted: Wed Mar 13, 2013 10:12 am
by mwandelaar
This is pretty much not possible, because with a single-NIC server DMZ1 and DMZ2 need to be connected on the same physical network and therefore they aren't 2 DMZs anymore, unless:
  • The server acts as a "lollypop" router and forwards the packets from the network to a firewall which separates the 2 DMZs. But then technically your server is not in DMZ2
or
  • Configure the server so it can handle VLANs. Configure one VLAN tag inside DMZ1 and another VLAN tag in DMZ2. Allow traffic from the VPN interface into DMZ2 (via the VLAN). In this setup your server is again some kind of lollypop bridge between the 2 DMZs
Both setups have their advantages and drawbacks. In the first setup you have a different machine which can control and inspect traffic on the separation point between the 2 networks, and the security doesn't rely entirely on a single device. But it is more complex to build.
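
The VLAN option from the reply above, as an added example that is not code from any participant in this thread: two tagged sub-interfaces on the one NIC, with forwarding limited to VPN clients reaching 10.10.10.100 and nothing routed between the DMZs. It assumes Linux with iproute2 and iptables; the interface names `eth0` and `tun0`, VLAN tags 10 and 20, and the address 10.10.10.2/24 are constructed, and only 10.10.10.100 comes from the thread.

```shell
#!/bin/sh
# Added example: prints the commands by default; set APPLY=1 (as root) to run them.
# Every name below except TARGET is an assumption, not a value from the thread.
NIC=${NIC:-eth0}                       # the single physical NIC (switch trunk port)
VPN_IF=${VPN_IF:-tun0}                 # VPN interface of the access server
DMZ1_VLAN=${DMZ1_VLAN:-10}             # VLAN tag for DMZ1 (constructed)
DMZ2_VLAN=${DMZ2_VLAN:-20}             # VLAN tag for DMZ2 (constructed)
DMZ2_ADDR=${DMZ2_ADDR:-10.10.10.2/24}  # server's own address in DMZ2 (constructed)
TARGET=${TARGET:-10.10.10.100}         # the DMZ2 server from the question

run() {  # print the command; execute it only when APPLY=1
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

setup_vlans() {
    # One tagged sub-interface per DMZ on the same physical NIC.
    for v in "$DMZ1_VLAN" "$DMZ2_VLAN"; do
        run ip link add link "$NIC" name "$NIC.$v" type vlan id "$v"
        run ip link set "$NIC.$v" up
    done
    run ip addr add "$DMZ2_ADDR" dev "$NIC.$DMZ2_VLAN"
    # The public address goes on the DMZ1 sub-interface; it is not given in the thread.
}

setup_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    # Default deny: this host is now the only separation point between the DMZs.
    run iptables -P FORWARD DROP
    # Never route DMZ1 <-> DMZ2, even if accept rules are appended later.
    run iptables -A FORWARD -i "$NIC.$DMZ1_VLAN" -o "$NIC.$DMZ2_VLAN" -j DROP
    run iptables -A FORWARD -i "$NIC.$DMZ2_VLAN" -o "$NIC.$DMZ1_VLAN" -j DROP
    # Replies to connections that were allowed below.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The only new flow permitted: VPN clients to the one DMZ2 server.
    run iptables -A FORWARD -i "$VPN_IF" -o "$NIC.$DMZ2_VLAN" -d "$TARGET" -j ACCEPT
}

plan() { setup_vlans; setup_forwarding; }
plan
```

The server at 10.10.10.100 also needs a route back to the VPN client subnet via the access server's DMZ2 address, or the access server has to masquerade on the DMZ2 sub-interface.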