RE: VPN & SQL Issue



I think you hit the nail on the head. We are going to implement either ISA
or another monitoring utility in a few months, in order to audit internet
usage. For now our firewall offers more than sufficient security.
As for "Drop in" mode, I don't believe our firewall has that function. But
out of curiosity, why would you want your public IP on the LAN & WAN
simultaneously?

"Leythos" wrote:

> In article <89D06AC2-810A-4113-A43B-CF891B8289D9@xxxxxxxxxxxxx>,
> Joel@xxxxxxxxxxxxxxxxxxxxxxxxx says...
> > Hi Charles,
> >
> > thanks for your response. Here is some more information about my network
> > setup.
> >
> > >Issue description:
> > >===========
> > >
> > >I understand that you want to access the SQL database on the SBS 2000 via
> > >VPN connection establishing from SBS 2003.
> > Correct
> >
> > >Analyzing and suggestion:
> > >============
> > >
> > >Can I assume that you connect to SBS via VPN connection, then you could not
> > >access the SQL database via the file link on SBS 2003.
> > Correct
> >
> > >Generally speaking, this should be a DNS or WINS issue.
> > >As you access the SQL database through local network, you need to resolve
> > >the remote SBS 2000 server via either FQDN or IP address.
> > SBS 2000 server is resolved through IP address. The link file used to connect
> > to the SBS 2000 server also resolves through IP address.
> >
> > >You need to make sure that the VPN connection to the SBS 2003 domain should
> > >use the default gateway on SBS side but not remote side, or the traffic will
> > >not go through the SBS 2003 default gateway but through default gateway on the
> > >VPN clients.
> > As far as I know this is setup correctly. I used the connection manager to
> > setup VPN on the remote workstations.
> >
> > >For your network design:
> > >
> > >SBS 2003:
> > >
> > >As you have two NICs with one hardware firewall, please make sure that you
> > >have pointed the default gateway to the hardware firewall's internal IP or
> > >you will encounter problems accessing outside domain resources.
> > SBS 2003 External IP-->Watchguard Firewall Internal IP-->RoadRunner Modem
> >
> > >SBS 2000:
> > >
> > >We recommend using the DNS on SBS 2000 and configuring DNS forwarding to point to
> > >the ISP's DNS or to your firewall; this will prevent many unexpected DNS
> > >resolution problems when users access internal resources such as SQL database,
> > >Exchange or shared resources.
> > SBS 2000's default gateway points to the Watchguard Firewall's internal IP.
> > SBS 2000's preferred DNS points to SBS 2003's internal IP address.
> > SBS 2000's secondary DNS points to Watchguard Firewall's internal IP address.
> >
> > >If the problem still exists, could you describe your network topology more
> > >clearly, if my description below is not correct.
> >
> > Here is my network topology:
> >
> > Workstations  Workstations  Workstations  SBS 2000 Server
> >      V             V             V              V
> > ---------------------3COM Switches-----------------
> > V
> > SBS 2003 Internal IP Address
> > V
> > SBS 2003 External IP Address
> > V
> > Watchguard Firewall Internal IP Address
> > V
> > Watchguard Firewall External IP Address
> > V
> > Road Runner Cable Modem
> > V
> > {Internet}
> > V
> > VPN Clients
>
> I just have one question, why are you using Dual NIC's if you have a
> WatchGuard Firewall?
>
> The WB appliance is a real firewall and unless you are also using ISA,
> it's doing everything you need.
>
> You could also put the WG in Drop-In mode - where the public IP is on
> the LAN and WAN ports and still provide full protection - since that's
> the way you're using it anyway (except for the NAT).
>
> We never install dual NIC's when we have a firewall appliance, and if we
> are forced to use Dual NIC's, we install the firewall in DROP-IN mode
> and then set the rules accordingly.
>
>
>
> --
>
> spam999free@xxxxxxxxxx
> remove 999 in order to email me
>