Welcome to ISAserver.org

Spanning DMZ across 2 sites

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> DMZ >> Spanning DMZ across 2 sites

Page: [1]

Message

<< Older Topic Newer Topic >>

Spanning DMZ across 2 sites - 4.Oct.2007 5:42:51 AM

vconfused

Posts: 2
Joined: 26.Jul.2006
Status: offline

Hi,

We are running ISA 2004 SE with 3 networks, Internal, External and DMZ. We currently have our DMZ segmented using a VLAN.

We want to extend the DMZ VLAN across to another office between which we have a dedicated ethernet link. This is so we can install backup servers in the DMZ at the second site which can become available if any should fail at our primary site.

The dedicated link is currently used for resources on the Internal network to communicate with their backup counterparts at the other site with a "heartbeat" to determine if the primary servers are down and to automatically failover to the backup servers at the second site.

We are planning to extend our DMZ VLAN via this dedicated link to our second site to enable us to have a single subnet across both sites.

Is anybody aware of best practice for this arrangement and if there is a risk with the above proposal that DMZ traffic will no longer be securely separated from the internal traffic travelling across the same single dedicated ethernet link.

Any views/suggestions would be very much appreciated!

Thanks
Jack

Post #: 1

Featured Links*

RE: Spanning DMZ across 2 sites - 24.Oct.2007 8:55:57 PM

Rotorblade

Posts: 898
Joined: 27.Feb.2007
Status: offline

If bandwidth is not an issue, why not trunk it! You're using VLANs and it's segmented so have your carrier configure your circuits to support trunk tunneling and configure to trunk your Vlans to your other site.

RB

(in reply to vconfused)

Post #: 2