Setting up RRAS with a DMZ
Recently ive decided our organisation needs to have a RRAS server so that people in the organisation can access their work from home.
I have decided to set up a network infrastructure that has a DMZ separated from the corporate network on a physical separate LAN behind a ISA firewall.
My question is this:
Is it possible for me to setup a RRAS server as a stand-alone server which authenticates users without being on a domain, but sends requests to an IAS server on the domain. this setup also has a one-way trust in which the domain trusts the RRAS server but not the other way.
Or..
The same as above but the RRAS server has to be on the domain, In which case will be positioned not in the DMZ but then on the local domain.
- The Main Network is protected by an ISA firewall and the DMZ is protected by another firewall (non-microsoft) (Red Hat linux???)
So can anybody advise me? Thanks!
I have decided to set up a network infrastructure that has a DMZ separated from the corporate network on a physical separate LAN behind a ISA firewall.
My question is this:
Is it possible for me to setup a RRAS server as a stand-alone server which authenticates users without being on a domain, but sends requests to an IAS server on the domain. this setup also has a one-way trust in which the domain trusts the RRAS server but not the other way.
Or..
The same as above but the RRAS server has to be on the domain, In which case will be positioned not in the DMZ but then on the local domain.
- The Main Network is protected by an ISA firewall and the DMZ is protected by another firewall (non-microsoft) (Red Hat linux???)
So can anybody advise me? Thanks!
~ wedge1988 ~ IdioT Certified~
MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese
MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese
Comments
-
astorrs
Member Posts: 3,139 ■■■■■■□□□□
Yes you could use the first option (keeping the RRAS server in a workgroup) and just use RADIUS (via IAS) to authenticate them against their Windows domain credentials.
http://support.microsoft.com/kb/317588 -
wedge1988
Member Posts: 434 ■■■□□□□□□□
Ok, Thanks for your reply!
So does that mean i need to have my IAS server on a domain controller? Id assume i could have it on a member server, but then that member server would have to forward the request.
I have another issue as well. We have two domains on the local network. Is it possible to set up the IAS server to connect to either domain?
Obviously if it requires another server then just forget it, but if not, then any ideas? thanks.~ wedge1988 ~ IdioT Certified~
MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese -
wedge1988
Member Posts: 434 ■■■□□□□□□□
Anybody know? cheers.~ wedge1988 ~ IdioT Certified~
MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese