Configuring a server for VPN and Internet access
I have an intranet and a DMZ for
my company. We're protected with a PIX unit, and we are using a
Cisco router as well as several SMC hubs for internal,
external and outside routing. I am also using two NICs
in the DMZ server.
We have established a VPN on our Exchange server (internal),
and also the server has access on one IP for Web Access Mail.
Anyhow, when you go outside of our network and log in to
the VPN, it comes up fine. The problem is that once in,
we can browse the intranet and access anything we need
to. But we cannot access the Internet. The VPN server has
complete access to the outside for broswing, etc. How can
I configure this server to assign the right info to the
authenticated user for not only VPN internal access,
but also so we can browse the Internet on the VPN?
Without looking at your specific situation, I can't be sure
what the problem is. However, it sounds like a routing issue.
For packets to go from one NIC to the other, the server needs
to be able to act as a router. Depending on your server type,
you might be able to set up this type of routing within the
server. Or, you may be able to tell the VPN connection to
use the other NIC as a the default gateway for the Internet.
In any event, the problem is routing, and a network engineer
should be able to look at your setup and figure out the correct
For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Infrastructure and network security
This was first published in June 2002