Thursday, February 21, 2019

Data Center security

An interesting topic came up and I wanted to see how others accomplish this. Standard hub-and-spoke topology with the DC at the hub and IPsec VPN spokes to the branches. Branches have LAN and Wi-Fi routed back to the user network in the DC at 192.168.1.x. Our management VLAN in the DC is 192.168.99.x, and an admin at a branch office wants access to the .99 network. What we have them do is RDP to a .1 server and then use it as a jump host, since everything in .1 is open to .99.

What do others do? Another standard I've used for this is to have an SSL VPN for admins. A more secure approach than what we do is to have ACLs denying all .1 traffic to .99 except from a specific server that's used as the jump host.
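As an added example (not from the original post or its author), the following Python models the two policies above as first-match access lists and evaluates a few sample flows against each: the current state, where the whole 192.168.1.0/24 user network is open to the 192.168.99.0/24 management VLAN, and the tightened state, where only the jump host is permitted and the rest of .1 is denied. The jump host address 192.168.1.10, the sample workstation 192.168.1.77 and the sample management target 192.168.99.5 are assumed values chosen for illustration; the two subnets are the ones named in the post. It also shows why rule order matters: if the deny for .1 is placed ahead of the permit for the jump host, the jump host is cut off as well.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Subnets from the post
USER_NET = ip_network("192.168.1.0/24")    # branch users land here in the DC
MGMT_NET = ip_network("192.168.99.0/24")   # management VLAN
# Assumed value for illustration: the single server used as the jump host
JUMP_HOST = ip_address("192.168.1.10")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    dst_port: Optional[int] = None   # None means any port


def matches(rule: Rule, src: IPv4Address, dst: IPv4Address, dst_port: int) -> bool:
    """A rule matches when source, destination and (optionally) port all fit."""
    if src not in rule.src or dst not in rule.dst:
        return False
    return rule.dst_port is None or rule.dst_port == dst_port


def evaluate(acl: List[Rule], src: str, dst: str, dst_port: int) -> str:
    """First-match evaluation with an implicit deny at the end, as on most
    firewalls and router ACLs."""
    s, d = ip_address(src), ip_address(dst)
    for rule in acl:
        if matches(rule, s, d, dst_port):
            return rule.action
    return "deny"


# Policy 1: the current state described in the post. Everything in .1 can
# reach .99, so any compromised or misused workstation in .1 reaches the
# management VLAN directly.
CURRENT_ACL = [
    Rule("permit", USER_NET, MGMT_NET),
]

# Policy 2: the tightened ACL. Only the jump host may reach .99; the rest of
# the user network is explicitly denied. The permit must come first because
# evaluation stops at the first match.
TIGHTENED_ACL = [
    Rule("permit", ip_network(f"{JUMP_HOST}/32"), MGMT_NET),
    Rule("deny", USER_NET, MGMT_NET),
]

# Same rules in the wrong order: the broad deny shadows the narrow permit.
MISORDERED_ACL = [
    Rule("deny", USER_NET, MGMT_NET),
    Rule("permit", ip_network(f"{JUMP_HOST}/32"), MGMT_NET),
]

# Constructed sample flows (source, destination, destination port)
FLOWS: List[Tuple[str, str, int]] = [
    (str(JUMP_HOST), "192.168.99.5", 22),   # admin on the jump host -> switch/server
    ("192.168.1.77", "192.168.99.5", 22),   # ordinary workstation -> management VLAN
    ("192.168.1.77", "192.168.1.20", 445),  # user-to-user traffic, not covered by either ACL
]


def compare(acl: List[Rule]) -> List[str]:
    """Return the verdict for each sample flow under the given ACL."""
    return [evaluate(acl, s, d, p) for s, d, p in FLOWS]


if __name__ == "__main__":
    for name, acl in (("current", CURRENT_ACL),
                      ("tightened", TIGHTENED_ACL),
                      ("misordered", MISORDERED_ACL)):
        print(name)
        for (s, d, p), verdict in zip(FLOWS, compare(acl)):
            print(f"  {s:>14} -> {d}:{p:<4} {verdict}")
```

The third flow is denied under every policy only because the model applies an implicit deny to everything; in practice this ACL would be applied on the management VLAN interface (or only to traffic destined for .99), so .1-to-.1 traffic would never be evaluated against it.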


