Solved

Put server behind Cisco ISR for public and VPN

Posted on 2011-03-10
2
346 Views
Last Modified: 2012-05-11
I want to put four Windows Server 2008 boxes behind a Cisco ISR at our colocation center. These servers needs to connect with full access over VPN to our locations using the router and they also needs to serve specific ports over public IPs. I originally had intended on using the two LAN adapters in each server, one for the private access and one for the public access but I forgot that you cannot have two gateways setup on the OS.

I'm guessing I need to use their public IPs, with 1 LAN adapter each connected to the router. Then create a VPN connection from the location to the colocation router, connecting to those public IPs instead of private IPs. But I want to make sure that private information doesn't leak out and only traverses the VPN (or within the EHWIC switch on the router) and never exits over the GE0/0. I could use ACLs to do this, but I'm just checking if I'm going in the right direction or if I should do something else, or if my original idea would work somehow.

How should I go about setting this up properly? I attached a diagram of my original idea.


config.png
0
Comment
Question by:_valkyrie_
2 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 500 total points
ID: 35102539
I suspect this doesn't really answer your question, but from a networking perspective, the traffic will flow.  This is done all the time with servers in a DMZ and allowing access from VPN clients.  I don't see much point in trying to dual-home the servers on two different VLANs, I don't think it buys you much.  

But that's not going to solve what is really a DLP issue.  Not everyone may agree, but my take is if you're concerned about data leakage, try to keep the private data off publicly accessible servers, at least as much as possible.  If the VPN users need to get to different data than you want to allow via public access, treat them differently ad use AAA to control access where you need to.

0
 
LVL 2

Author Closing Comment

by:_valkyrie_
ID: 35113125
I'm not going with the dual LAN idea. I switched it to a bridged interface on our router and will be using ACLs to keep data from flowing in the wrong direction.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question