Posted by Simon on July 12, 2006, 6:24 am
Kissingfish wrote:
> Simon wrote:
>> Kissingfish wrote:
>>> Hi all..
>>> I'm trying to set up a VPN connection through two firewalls.
>>> My network is as follows:
>>>
>>>
>>> | Internet | - |firewall| - | DMZ | - | firewall | - | lan |
>>>
>>> Obviously I can go from the lan through the firewall, to the DMZ and
>>> through the firewall to the internet.. But you can't go from the DMZ
>>> onto the lan.. Or from the internet to the lan..
>>>
>>> I want to know if there's a way I could VPN to the lan so I can use
>>> Remote Desktop or VNC to access my computer..
>>>
>>> My DMZ has a 192.168.1.x IP range, whilst my LAN has a 192.168.168.x
>>> range.
>>>
>>> If I VPN to my first firewall, I won't be able to access anything on
>>> the lan, and if I VPN to the second, well.. I can't get past the first
>>> one..
>>>
>>> Anyone ever done something like this before?
>>>
>> Why not open up the inbound ports for vpn protocols on the outer
>> firewall so that you can then vpn to the second one?
>> simon
>
>
> Wouldn't that give the DMZ access to my LAN?
>
Depends where you are going to terminate the VPN connection. If the
internal firewall can do this then it shouldn't, as access from the DMZ
to LAN will only be available for authenticated users. If you wanted to
VPN direct into your PC (XP Pro supports one inbound VPN connection)
then you would need to open the VPN ports inbound on your internal
router as well. It would give the DMZ and internet access to the
internal machine, but only on the VPN ports, not full access.