Hello,
because we will change our network topology, I have to find a solution for the following scenario:
- LOCATION A has an ASG with internet connection, LOCATION B is directly connected to LOCATION A via MPLS.
- LOCATION B has a DMZ with a server which must be reachable through the internet connection of LOCATION A.
What can I do?
My suggestion:
Internet -> ASG A (LOCATION A) -> NAT -> Virtual ASG B (LOCATION B) -> DMZ
For example:
A client connects to the public IP of LOCATION A (1.2.3.4), and ASG A translates the destination IP to the private IP of the server, which is placed in the DMZ at LOCATION B.
ASG A knows that the DMZ network is located behind ASG B.
Is this secure? Is there a better solution?
Thank you and kind regards