login to NT domain server behind a firewall
Posted on 2005-04-22
We want to restrict access to a server with medical data, and are thinking of doing it with a second firewall in our network between the LAN and this server.
Something like the fig. below:
internet <-- 3com secure router --> lan with win98 PC's <--- firewall 2 --> medical server/also domain ctrl.
The problem is probably that this server also is the domain controller.
We have tried to use both another 3com secure router and a Dlink 504, and we manage to connect shares and other resources, but not to log in to the domain. The domain server is on another subnet (192.168.2.x instead of 192.168.1.x), so that's the reason, I guess? I tried to define 1.x addresses on both the WAN and LAN side of the firewall, but that didn't work at all.
Is there a way to route domain queries from the 1.x subnet to the server on the 2.x subnet through the firewall?
If we drop the domain login we will lose the security at login into the server... and the government here in Norway demands that medical data, and access to medical data, is secured with both access control and behind some kind of two-phase protection in the network (several firewalls/proxies etc.).
Sincerely, Are Kristensen, Skarnes, Norway