Firewall setup help with DMZ

I don't do ISA, but here is what I would do if I were you:

REMOTE OFFICE ( VPN Appliance - bridges to Remote offices Internet


Main offices Internet Firewall supporting IPSec Tunnels VPN - bridges remote office to LAN LAN LAN (your machines + server) LAN (Terminal Server box)

DMZ (what you need here)

In the users login profiles just enable or disable TS for them - this lets you restrict who can use TS in either location.

Since I don't do ISA, I can't really provide an ISA type solution, but the idea may be of help.

If you put the TS in the DMZ and it has any means to authenticate with the LAN servers, then you've broken the reason to have a DMZ.

Reply to
Loading thread data ...

One of my remote offices would like to connect to a server in our office. The server will run Windows 2003 terminal server. I would like to only allow certain internal LAN workstation access to this server via terminal server. The remote office will connect to the server with terminal services. I would also like to keep the server safe from the outside world. Could I give the server the same IP address as the internal workstations on my LAN?

There is a rough diagram below showing the above config:

Internal Network LAN (192.168.7.x)


Internal Firewall ( internal - external)


Terminal Server (


External ISA 2004 Firewall ( internal - external)

I guess I can't do this as the terminal server will need to be on a different subnet. Could this be a NAT address to help keep it secure in the DMZ? Are there any better ways to do this and what would be the best way to configure this? Also, do i need a router beteen my internal firewall and terminal server and also one between the terminal server and external firewall?

Thanks you for any help.

Aaron Humperdoomperdink

Reply to
Aaron Humperdoomperdink Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.