Windows VPN Server Role in DMZ

dmz vpn windows-server-2008-r2

I work on a small business network that runs on a Windows Server 2008 R2 domain. Right now we use a Cisco (Linksys) RV042 router to handle both VPN connections and a single site-to-site VPN. However, there has been mild-but-increasing interest in getting client VPN integrated into ADDS so that users can use their domain accounts. I also have some spare hardware around that could possibly be recommissioned into use to function as a VPN server.

The machine has only one network interface; however, the RV042 has a redundant WAN interface that can be configured as a DMZ interface instead. I'm wondering: Can I run this server connected to the DMZ so that it can perform VPN functions, while the RV042 continues to function as the router and my primary DC performs DHCP/DNS services?

TechNet doesn't seem to indicate that there's much leeway concerning the dual-interface nature of VPN servers, so I'm hoping this will be a quick yes/no question.

Thanks!

Best Answer

Yes, if you run the Windows system in the DMZ, then you will lock it down via its built-in firewall.

You can also place the Windows system behind the NAT/firewall and just map the needed ports to enable VPN functionality from the Internet side. This option is probably a little more flexible for most configurations.
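The host-firewall lockdown the answer refers to, sketched as an added example that is not part of the original answer. It assumes an elevated prompt on the Windows Server 2008 R2 VPN host; the rule names and the `VPN_PROTO` variable are made up for illustration, and the port and protocol numbers are the standard assignments for each VPN protocol, since the page does not say which one will be used.

```bat
@echo off
rem Added example: allow only the chosen VPN protocol inbound on the DMZ host.
rem VPN_PROTO is a hypothetical variable: set it to SSTP, L2TP or PPTP.
set VPN_PROTO=SSTP

rem Firewall on for every profile; block inbound unless a rule allows it.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

if /i "%VPN_PROTO%"=="SSTP" goto sstp
if /i "%VPN_PROTO%"=="L2TP" goto l2tp
if /i "%VPN_PROTO%"=="PPTP" goto pptp
echo Unknown VPN_PROTO "%VPN_PROTO%" & exit /b 1

:sstp
rem SSTP runs over TLS on TCP 443.
netsh advfirewall firewall add rule name="VPN SSTP TCP 443" dir=in action=allow protocol=TCP localport=443
goto review

:l2tp
rem L2TP/IPsec: IKE (UDP 500), NAT traversal (UDP 4500), L2TP (UDP 1701), ESP (IP protocol 50).
netsh advfirewall firewall add rule name="VPN IKE UDP 500" dir=in action=allow protocol=UDP localport=500
netsh advfirewall firewall add rule name="VPN NAT-T UDP 4500" dir=in action=allow protocol=UDP localport=4500
netsh advfirewall firewall add rule name="VPN L2TP UDP 1701" dir=in action=allow protocol=UDP localport=1701
netsh advfirewall firewall add rule name="VPN ESP" dir=in action=allow protocol=50
goto review

:pptp
rem PPTP: control channel (TCP 1723) plus GRE (IP protocol 47).
netsh advfirewall firewall add rule name="VPN PPTP TCP 1723" dir=in action=allow protocol=TCP localport=1723
netsh advfirewall firewall add rule name="VPN GRE" dir=in action=allow protocol=47

:review
rem Blocking by default does not remove allow rules that already exist.
rem Go through this listing and disable every inbound rule the VPN role does not need.
netsh advfirewall firewall show rule name=all dir=in
```

The same list applies to the port-mapping alternative: those are the ports to forward to the server. GRE and ESP are IP protocols rather than TCP/UDP ports, so the router has to support passing them.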