Ask the Expert

How to make a DMZ server and a VPN coexist on a customer's network

If I install a VPN firewall router for a customer, will it be affected in any way by the setup of a DMZ server? In other words, would a DMZ server and a VPN be able to coexist?

    Requires Free Membership to View

This is certainly possible although the details will vary depending on the equipment that you choose. One popular way of doing this is to have 3 ports on your firewall, one of which leads to a completely separate DMZ segment. This has the advantage of isolating the publicly accessible portion of your customer's network from the private part, thereby enhancing security.

Assuming you are planning on using IPSec as your VPN, you will want to ensure that you configure its policy to allow non-VPN packets to bypass IPSec. RFC 2401 has more about IPSec policies, but you will need to consult your firewall/VPN's user's manual for details on the default policy and configuration.

This was first published in July 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: