1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Access LAN from DMZ or Access DMZ from LAN

Discussion in 'Networking (Hardware & Software)' started by GeorgeGreek, 2007/03/31.

  1. 2007/03/31
    GeorgeGreek

    GeorgeGreek Inactive Thread Starter

    Joined:
    2007/03/31
    Messages:
    1
    Likes Received:
    0
    Some of my Windows XP LAN workstations run a VB6 application which reads/writes data from/to an Access XP database sitting on a W2003 LAN server.
    My client wants to have on-line real-time access to some of these data.
    I need to setup an W2003 IIS web server with an ASP.NET application which will read the required data from the Access database and expose them to the client (in the form of HTML pages).
    So, I need the web-facing Web server AND the LAN workstations to have real-time access at the same Access database.
    I am thinking of the following two alternatives:
    a) I set-up a DMZ and I put the Web server on this DMZ. If I do, how can the Web server have access to the Access database (which sits on a LAN server)?
    b) I set-up a DMZ and I put the Web server AND the Access database on this DMZ. If I do, how can the LAN workstations have access to the Access database (which will sit on the Web server on the DMZ)?
    Any other alternatives and how-to-s will be very much appreciated!

    Thank you in advance.

    George
     
    GeorgeGreek,
    #1
  2. 2007/03/31
    Scott Smith

    Scott Smith Inactive Alumni

    Joined:
    2002/01/12
    Messages:
    1,950
    Likes Received:
    4
    If the external clients are trusted (employees) put the server on the LAN and have the clients VPN in.
     
    Scott Smith,
    #2


  3. to hide this advert.

  4. 2007/04/01
    visionof

    visionof Inactive

    Joined:
    2006/11/12
    Messages:
    778
    Likes Received:
    5
    Hamachi may be an idea.
    You may want to purchase the premium version as it gives administrative controls.

    http://hamachi.cc/



    Hamachi is a centrally-managed zero-configuration virtual private networking (VPN) freeware application capable of establishing direct links between computers that are behind NAT firewalls without requiring reconfiguration (in most cases).
     
    visionof,
    #3
  5. 2007/04/01
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Just setup the server and db on the same computer on the lan. No need for DMZ. Then use the router port forwarding to forward www requests to the lan ip of the server. Outside users will be able to access the server using your isp assigned ip address in a web browser: http://xxx.xxx.xxx.xxx/ Local access via web browser using http://192.168.x.x (or whatever the nat range is)

    However, as www access is open to anyone from outside I suggest using a login script to control who can access the server from the outside. You could create a simple web page that authenticates users whose credentials are stored in the access db.

    Using the DMZ is OK if you have a real full featured router, but the DMZ feature that is in home style routers made by Linksys, Netgear, DLink, etc is not a true DMZ but a stripped down version of what a DMZ really is. These home style routers' DMZ opens up the computer to ALL services on the box whereas a real router DMZ allows you to configure which services are restricted and which are available.

    Thus, if have a home style router then port forwarding or a 3rd party remote access application (VPN) is what you need. The drawback to VPN for www server access is that the client computer has to use its own resources to connect whereas a login script coupled w/ port forwarding lets the router & server control access.

    To avoid outside users from having to know or remember your isp assigned ip address you can use a service such as www.dyndns.com .
     
    TonyT,
    #4
  6. 2007/04/02
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    Another option worth looking at is an SSL VPN system. Here is a Netgear example:

    http://www.netgear.com/Products/VPNandSSL/SSLVPNConcentrators/SSL312.aspx

    This will provide a secure proxy for you web service. These devices have only recently (last year or two) started appearing on the market. I've not had need for one myself, but I think they would be ideal in your situation.
     
    ReggieB,
    #5

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...