Remote Access for Server on DMZ Zone or Lan Zone (UrgentPLS)

[roger85]

Hi can you please assist.

I need to implament a new server internally in our lan and allow a remote user to be able to dial into it.

We have the following issue's that need to be taken into consideration.

1, The server will be a SQL Server and used by the entire company (currently 150user) inside the LAN.

2, From inside we need full RDP to it for admin purpose.

3, it will in the future be used as a web server too for the world, so we might put it onto the DMZ port.

4, The server will need to be part of our Domain for SQL authentication.

Our problem is we need to give one remote user full RDP/VNC to the server, he works all over the world so he will never have a public static ip address. He needs to be able to dial into the server using RDP so he can admin it. We also dont want to give him access to anything else on our LAN.

I will create a local account on the server and he can logon using this, it will not have domain rights.

I dont want to open the server up for RDP to the world as i understand this being unsecure.

I am able to provide him with our Sonicwall VPN client however this will mean he has access to the complete network.

Can we setup something in the firewall/vpn so he only has access to the server ip on the DMZ zone ?

As you can see i'm stuck here, can you please give me your thought and idea's?

Thanks

 

[roger85]

Sorry forgot to mention we have a Pro 2040 in enhanced mode.

Thanks

 

[joepc]

Setup the VPN Policy so it goes to the DMZ subnet.

You can then just open specific ports from the DMZ to LAN and LAN to DMZ. You can use MS network monitor to find which ports programs are talking on. the 2040 also will have a packet capture feature.