Consider the diagram in the attached pic, which shows a typical DMZ Web server configuration. How can this architecture be upgraded by appropriately adding a VPN (Virtual Private Network) for dedicated users?

[Image: Typical DMZ Web Server Configuration]

1 Answer

The DMZ is generally used for all Internet requests that are not specifically aimed somewhere else. Your exterior firewall can be set to point the VPN traffic (by port number) to the external port of the interior firewall. The interior firewall, if it doesn't directly support VPN, can be set to pass it through to a VPN host inside. Then all you have to do is provide credentials for your dedicated users. I use OpenVPN for this job, and the port they use is, if I recall correctly, 1189 TCP and UDP.

tsc_chazz
  • Thanks for your reply. So on the attached diagram (Attachment), do I have to put the VPN in the area where the corporate servers are? – Dark angel Nov 03 '22 at 11:46
  • The end point of the VPN should be in the network that you want the user to have access to. So that is correct - the VPN endpoint host should be in with the network servers, and both firewalls need to be set to pass VPN traffic through inwards, the first one to the second, and the second directly to the VPN host. – tsc_chazz Nov 03 '22 at 15:06
  • Thank you so much for the explanation. – Dark angel Nov 03 '22 at 19:11
  • Apologies for the thinko above there - the VPN endpoint should be in with the _corporate_ servers. – tsc_chazz Nov 03 '22 at 23:22
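
Added example, not part of the answer or comments above: a small Python model of the two-firewall pass-through that checks the VPN path reaches the VPN host and that no other Internet-facing forward lands in the corporate network. All addresses, rule sets and names are constructed; the listener is assumed to be UDP 1194 (OpenVPN's IANA-registered port), so substitute whatever your VPN server actually uses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing and port: none of these values come from the page.
DMZ_WEB = "192.0.2.10"                      # web server in the DMZ
INTERIOR_FW = "192.0.2.2"                   # external port of the interior firewall
CORPORATE_NET = ip_network("10.0.20.0/24")
VPN_HOST = "10.0.20.5"                      # VPN endpoint in with the corporate servers
VPN = ("udp", 1194)                         # assumed listener; use your VPN's real port

@dataclass(frozen=True)
class Forward:
    proto: str
    port: Optional[int]   # None = any port
    target: str

def match(rules, proto, port):
    """First-match lookup; no matching rule means the packet is dropped."""
    for r in rules:
        if r.proto == proto and r.port in (None, port):
            return r.target
    return None

def resolve(exterior, interior, proto, port):
    """Final destination of an Internet packet after both firewalls, or None."""
    hop = match(exterior, proto, port)
    if hop != INTERIOR_FW:
        return hop                      # dropped, or delivered inside the DMZ
    return match(interior, proto, port)

def audit(exterior, interior):
    """Findings: the VPN path must work and nothing else may reach corporate."""
    findings = []
    if resolve(exterior, interior, *VPN) != VPN_HOST:
        findings.append("VPN traffic does not reach the VPN host")
    ports = {r.port for r in exterior + interior if r.port} | {VPN[1], 65000}
    for proto in ("tcp", "udp"):
        for port in sorted(ports):
            dest = resolve(exterior, interior, proto, port)
            if dest and ip_address(dest) in CORPORATE_NET and (
                    (proto, port) != VPN or dest != VPN_HOST):
                findings.append(f"{proto}/{port} from the Internet reaches {dest}")
    return findings

GOOD_EXT = [Forward("tcp", 443, DMZ_WEB), Forward("udp", 1194, INTERIOR_FW)]
GOOD_INT = [Forward("udp", 1194, VPN_HOST)]
BAD_EXT = GOOD_EXT + [Forward("udp", 53, INTERIOR_FW)]   # stray extra forward
BAD_INT = [Forward("udp", None, VPN_HOST)]               # any-port rule: too wide
```

The audit shows why each firewall should match the VPN port explicitly: an any-port rule on the interior firewall turns every extra forward on the exterior one into a path to the VPN host.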