Solved

Need public interface open after establishing tunnel

Posted on 2003-10-24
6
212 Views
Last Modified: 2010-04-12
Here is my senerio. I have a website that I host for a customer. They have the Oracle portion hosted in NY. The current setup is, our server has a Microsoft VPN connection to their network to connect to the Oracle server. When I hit the web page from the outside with the tunnel down it obviously fails because Oracle is unavailable. And ovbiously if I connect the tunnel I can't reach the webserver from the outside because all traffic goes to their private network. So I need to have the outside interface opened up to respond to the webserver on my box as well as the tunnel up for the server to communicate with the Oracle server. And NO, hosting the Oracle server here is not an option, I asked. I know this sounds kind of unorodox but I am open to suggestions. Can someone please tell me how this can be done.?
125 points to the person with the solution (It's all I got). Thanks in advance.

Mike.
0
Comment
Question by:pakitloss
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9617086
You need to enable split tunneling, at least I think that is what you are trying to do. It will allow you to route traffic not meant for the oracle ip subnet outside of the tunnel.
0
 
LVL 4

Author Comment

by:pakitloss
ID: 9617218
Yes but will it route inbound traffic from the internet to the webserver and how do you enable split tunneling?
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9617343
I guess I am confused, the webserver is connected via a vpn to the corporate network. You are routing traffic into the webserver from the internet. Is the webserver multihomed?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 4

Author Comment

by:pakitloss
ID: 9617493
Yes, Here is the configuration
Internet----->>Web Server<<<<<VPN>>>>>Oracle server. I need to be able to allow the server to post back to the Oracle server in order to work. I am sorry if I am sounding confusing. It has been a long day.

Thanks
0
 
LVL 11

Accepted Solution

by:
ewtaylor earned 125 total points
ID: 9621237
You should be fine, the vpn tunnel should be on the second network interface with the oracle webserver. The other interface is handling inbound from the internet. The only problem I see would be one of security, if they compromised your webserver they have an encrypted pipe to the oracle server.
0
 
LVL 4

Author Comment

by:pakitloss
ID: 9638020
Thanks,

After I realized what you mean I had it it working in an hour. Thanks. This was only a temporary thing to demo the site for the customer so from a security standpoint the tunnel was only up long enough to demo it.

0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now