I have a webserver on a DMZ that is accessible from anyone on the internet. I want customers to be able to sign in through HTTPS and see account information that is stored on another server on another, more secure DMZ.
I have already successfully configured access for customers from the internet to the webserver, and I created an access list allowing the web server to access the server with cust. acct. info through HTTP. Problem is, when I test this, the page with the customer info is not displayed. I can ping in both directions between the two servers, so I know the connectivity is there. I'm not sure if the traffic between the two servers should be HTTPS or if this design is even the most practical idea.
The IT manager is suggesting that I move the server with the customer account info to the DMZ with the webserver, but I have serious security concerns about this.
Definitely do not put that customer data server in that DMZ. Have you set up an ACL that allows the http server to communicate to the more secure dmz via tcp port 80 (or whatever port the secure server is using for data transfer)? You will also need a netstat command to allow the two subnets to communicate?
Thanks all for your suggestions, unfortunately it still doesn't work. I monitored the logs and even went as far as opening full IP access between the two servers to test what would be the result. They can still ping each other but the page does not display, so I'm starting to suspect it's something with the configuration on the servers.
While on the subject, what would be your suggestions for a similar situation where customers need to securely access their information?