I work for a financial institution and am looking for a better way to secure outside/vendor access to our ATM's. Currently we have a VPN device connected directly to the internet on the outside interface and the internal interface directly to our LAN. I have thought of implementing a DMZ and put the VPN devices into it, but they still need internal access to the ATM's which kind of defeats the purpose of a DMZ. We also need internal access to the ATM's for obvious reasons. I could plug the DMZ into our firewall I suppose for internal access, which would be more secure than what we currently have, but is still not a true DMZ, in my mind. Does anyone have any experience securing this type of configuration?