Probably a very common scenario: corporate headquarters with a
setup similar to: Internal network with private address pool, DMZ with
public address and Internet connection via leased lines, with
appropriate firewall / routers / proxy implementation. The DMZ has
the proxy, email server, Web server, FTP server, name server, etc.
Now - all remote offices are connected via leased lines to the
headquarters (WAN setup, but with slow inter-LAN links), separated
by routers on their own (also private addressed, obviously) nets.
Everybody needs to get access to the DMZ (which is reachable only
via the headquarter router, through a proxy and firewall) for email,
etc., but I want the remotes to get access for browsing and
other time-consuming or resource-consuming tasks ONLY via their
own dial-on-demand (I am thinking, perhaps using ISDN)
connections, and appropriate firewalling at each place.
My questions:
1. Has anybody implemented this type of arrangement? What would
be some concerns / recommendations in terms of dial-on-demand +
routing + firewalling at the remotes, when having to communicate
with the Internet "two-ways" (through to the headquarters also, for the
email servers)?
2. Any recommendations for very "financially sound" (i.e. cheap)
solutions? I was thinking of ISDN cards on a Linux box, with the
same box as firewall and (perhaps) masquerading, but have never
done this (don't even know if it's possible).
TIA for any hints/pointers to real life experience, or theoretical
advice,
Calin