Can someone confirm me if it's not possible to put a mapping in firewall so that DMZ request is able to call the web service internal. (Dyanmic Routing / Static Routing)
I can not use the VPN option
Few options spring instantly to mind:
1) Configure IPSec and authenticated pass-through on the firewall and respective machines. Quick,easy and about as secure as you can get (assuming you're using an IPSec aware firewall).
2) Multi-home the server so that it has a secondary network that can be used solely for communication with the webservice providers. Messy and a little tricky to configure securely.
3) DirectAccess could be used to provide a VPN-like solution without a VPN. Bit heavyweight if you don't really have reason for external clients to have access into the network (for remote working etc). Also has a big dependency on IPv6, which can still be something of a stumbling block.
There's also service bus - have a service bus connection tunneling through to the secure service, then ADFS to auth it (which is what I've ended up doing for a couple of things)
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.