Solved: VPN DMZ connectivity

catalystexpress · ‎04-10-2013

Hi All,

I need to allow one of the vendor to park their server in our network and plan to place it in DMZ zone, but the server need secure access back to their DC and we need to publish and pull data to/from the server

Am wondering is it a good idea to allow the vendor to establish a ipsec vpn to my asa and then allow the server to go out and also need to allow my users to get and put data to the server

am not a security guy, can someone please give me some hints to get this done

many thanks

cheers..

Kimberly Adams · ‎04-17-2013

Yes a site to site VPN would be the best way to set this up. You can restrict down to just the specific IP of their DC for their system to access and then deny all other traffic to that system. As for your users, you can allow only specific traffic for data purposes too.

This will be the most secure way to get this done. What kind of ASA do you have and the version of code it is running to give you further assistance in setting this up?

Thanks and Cheers!

Kimberly

Please remember to rate helpful posts.

Thanks and Cheers! Kimberly Please remember to rate helpful posts.

View solution in original post

Kimberly Adams · ‎04-17-2013

Yes a site to site VPN would be the best way to set this up. You can restrict down to just the specific IP of their DC for their system to access and then deny all other traffic to that system. As for your users, you can allow only specific traffic for data purposes too.

This will be the most secure way to get this done. What kind of ASA do you have and the version of code it is running to give you further assistance in setting this up?

Thanks and Cheers!

Kimberly

Please remember to rate helpful posts.

Thanks and Cheers! Kimberly Please remember to rate helpful posts.

catalystexpress · ‎05-07-2013

Thanks Adams, will be implmenting this soon

cheers..