_valkyrie_
asked on
One Way Forest Trust To Web Server
I've been tasked with bringing our company onto a single sign-on platform. In doing this, though, I've come across some security issues with our web server.
I have a web server running SharePoint and an FTP service. I need to authenticate users against our internal domain (corporate.ourdomain.com) on our external domain (ourdomain.com).
We have a Cisco router on site at our colocation which connects the public IP of our web server to two domain controllers internally over IPSec VPN. The external domain trusts our internal domain but not the reverse, as was suggested elsewhere online, rather than having a DC on our public segment.
This works for us right now, but I have two concerns. Is this the best method, and what ports do I need to limit the VPN to in order to best protect our two internal servers?
Both servers run MS Server Standard 2008 R2.