
I have a VPS which is my public web server for all my clients. It's running Server 2008 and I would like to have it connect via a secure connection to my internal LAN. I would like this to be a route so access is bidirectional.

Have read about Server & Domain isolation, but am concerned this may prevent public views to the web sites on the server.

I currently have a PPTP tunnel, but I'm wanting better security (IPSec or SSL etc.) and it's not giving me bidirectional access. (In fact my backups aren't copying across, but this could be an ACL issue.)

The goal is to provide easy/automated backups of data & SQL DBs to my internal LAN, as well as a means to provision new sites & DBs from a workflow occurring internally.

Internal LAN is Windows-based with ISA 2006 at the perimeter.

Thanks

DefSol

1 Answer

  • PPTP is totally fine if properly configured. IPSEC or SSL are simply not more powerful.
  • PPTP can also give you full bidirectional access.

I have a similar setup.

  • Small office
  • Computing cluster at hoster.

Both are connected using a PPTP connection (easier to set up than SSL or IPSEC). I made sure I don't allow weak authorization protocols.

I then have set up proper routing on both ends. Works like a charm.

People (employees) also can log into the server cluster (actually one big server running Hyper-V instances) and access the whole network.

You seem mostly to have a problem setting up your routing properly. PPTP is fully capable of doing this.

TomTom
  • Thanks TomTom. Just out of interest, are you running ISA at the perimeter of your internal network? Reuben – DefSol Mar 25 '10 at 18:11
  • No. ISA Server is outdated. I use TMG (Forefront Threat Management Gateway, the later replacement that ALSO finally supports SIP) on our internet gateway. That said, VPN is handled outside by other machines - because I also plan running IPv6 and TMG can only pass that one through. – TomTom Mar 26 '10 at 06:24
  • If that would not be the case, I would run TMG on both ends. That said, what I did is virtualize all my infrastructure. That allows me to put up a small VM just for PPTP and be done with it. – TomTom Mar 26 '10 at 06:32
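
The "proper routing on both ends" point from the answer above, as an added example that is not part of the original answer or its comments: a route-table check showing how a tunnel that is up still gives one-way access when one end has no route for the other end's subnet. All addresses, interface names (`wan`, `lan`, `vpn`) and function names are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: return the interface of the most specific route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), iface) for net, iface in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def check_bidirectional(site_a, site_b, tunnel_iface="vpn"):
    """List every direction whose traffic would not enter the tunnel."""
    problems = []
    for src, dst in ((site_a, site_b), (site_b, site_a)):
        for host in dst["hosts"]:
            iface = next_hop(src["routes"], host)
            if iface != tunnel_iface:
                problems.append(
                    f"{src['name']} -> {host}: leaves via {iface}, not {tunnel_iface}")
    return problems

# Constructed sample: office gateway and a hosted VPS joined by a tunnel
# that uses 10.99.0.0/30 as its point-to-point addresses.
OFFICE = {
    "name": "office-gw",
    "hosts": ["192.168.10.20"],          # internal backup target
    "routes": [("0.0.0.0/0", "wan"),
               ("192.168.10.0/24", "lan"),
               ("10.99.0.0/30", "vpn")],
}
VPS_BROKEN = {
    "name": "vps",
    "hosts": ["10.99.0.2"],              # VPS address inside the tunnel
    # No route for 192.168.10.0/24: traffic to the backup target follows
    # the default route out the public interface and never arrives.
    "routes": [("0.0.0.0/0", "wan"),
               ("10.99.0.0/30", "vpn")],
}
VPS_FIXED = dict(VPS_BROKEN,
                 routes=VPS_BROKEN["routes"] + [("192.168.10.0/24", "vpn")])

if __name__ == "__main__":
    for vps in (VPS_BROKEN, VPS_FIXED):
        print(check_bidirectional(OFFICE, vps) or "both directions use the tunnel")
```

In the constructed broken case the office can reach the VPS through the tunnel, but the VPS sends traffic for the internal backup target out its public interface, which matches the symptom of a working tunnel with failing copies.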