Hmmm, if I read this right (in my hasty perusal of your message), I would
think that you could set up a router at the remote site that had routes to
the various internal networks.
In addition, there would be a default route for any unknown networks, i.e.
any networks external to your company, that would point at the Internet
link for the remote site.
So, when someone at the remote site wanted access to an internal network,
the traffic would flow across the WAN link, since the destination is an
"internal" network. Conversely, when the destination was an external
network, the traffic would go out the ISDN link or whatever.
Hope that answers the question.
===================================================================
Larry Chin {[EMAIL PROTECTED]}
Technical Specialist - ISC
Sprint Canada
2550 Victoria Park Avenue, Suite 200, North York, Ontario M2J 5E6
Phone: 416.496.1644 ext. 4693
Fax: 416.498.3507
===================================================================
On Thu, 27 May 1999 [EMAIL PROTECTED] wrote:
> Probably a very common scenario: corporate headquarters with a
> setup similar to: Internal network with private address pool, DMZ with
> public address and Internet connection via leased lines, with
> appropriate firewall / routers / proxy implementation. The DMZ has
> the proxy, email server, Web server, FTP server, name server, etc.
> Now - all remote offices are connected via leased lines to the
> headquarters (WAN setup, but with slow inter-LAN links), separated
> by routers on their own (also private addressed, obviously) nets.
> Everybody needs to get access to the DMZ (which is reachable only
> via the headquarter router, through a proxy and firewall) for email,
> etc., but I want the remotes to get access for browsing and
> other time-consuming or resource-consuming tasks ONLY via their
> own dial-on-demand (I am thinking, perhaps using ISDN)
> connections, and appropriate firewalling at each place.
> My questions:
> 1. Has anybody implemented this type of arrangement? What would
> be some concerns / recommendations in terms of dial-on-demand +
> routing + firewalling at the remotes, when having to communicate
> with the Internet "two-ways" (through to the headquarters also, for the
> email servers)?
> 2. Any recommendations for very "financially sound" (i.e. cheap)
> solutions? I was thinking into ISDN cards on a Linux box, with the
> same box as firewall and (perhaps) masquerading, but have never
> done this (don't even know if it's possible).
>
> TIA for any hints/pointers to real life experience, or theoretical
> advice,
> Calin
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
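The split routing described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup for one remote-site router, plus a check that no company prefix falls through to the default route. All prefixes and the interface names wan0 and isdn0 are constructed assumptions; the DMZ gets its own WAN route because it uses public addresses and would otherwise match the default route.

```python
import ipaddress

# Constructed routing table for one remote-site router (all prefixes and
# interface names are assumptions, not values from the thread).
ROUTES = [
    ("10.0.0.0/16", "wan0"),       # headquarters internal network
    ("10.1.0.0/16", "wan0"),       # another remote office
    ("198.51.100.0/24", "wan0"),   # headquarters DMZ (public addresses)
    ("0.0.0.0/0", "isdn0"),        # default route: local dial-on-demand link
]

def egress(dst, routes=ROUTES):
    """Return the outgoing interface chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

def leaks(company_prefixes, routes=ROUTES, wan="wan0"):
    """List company prefixes that no single WAN route covers.

    Such a prefix would fall through to the default route and leave via the
    Internet link instead of the leased line.
    """
    wan_nets = [ipaddress.ip_network(p) for p, i in routes if i == wan]
    missing = []
    for p in company_prefixes:
        net = ipaddress.ip_network(p)
        if not any(net.subnet_of(w) for w in wan_nets):
            missing.append(p)
    return missing

if __name__ == "__main__":
    for dst in ("10.0.5.20", "198.51.100.25", "203.0.113.80"):
        print(dst, "->", egress(dst))
    # Dropping the DMZ route shows the failure mode: mail traffic to the
    # DMZ would follow the default route out the ISDN link.
    no_dmz = [r for r in ROUTES if r[0] != "198.51.100.0/24"]
    print(leaks(["10.0.0.0/16", "198.51.100.0/24"], no_dmz))
```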