Got a really tricky one here.

I have a Firewall at HQ with three interfaces: LAN, DMZ and INTERNET.
A remote Firewall with LAN and INTERNET only.

I have successfully established a VPN between LANs.
However, I want to establish a VPN between the remote LAN and the DMZ at HQ.

The problem is that it must be one way, i.e.:
Remote LAN can access DMZ.
DMZ cannot access (initiate connection with) Remote LAN.

At first we tried establishing a VPN between remote LAN and DMZ and then adding a rule on the remote side to drop all packets originating from the DMZ. Unfortunately this dropped returning VPN packets that originated from remote LAN as well as connections initiated from the DMZ.

Is it possible to set up this sort of one way trust VPN?

Cheers,
-Steve