I am looking for solutions on locking down VPN connections from clients to our untrusted testing domain. Basically a remote access option that we can give our clients to road test our software before we make a release to them. We have a tested way to do this via net meetings, but management want to explore all alternatives as to give the client a choice in how they want to preview it.
We currently have a majority Windows 2003 environment. We already have VPN connections available for our own staff to get access remotely We have:
- Internet Gateway
- ISA 2004
- Radius client
- Internal Master
- Radius Server
- Domain Controller
This is in our first domain A. We also have a domain B that is untrusted and used only for testing. What we want to be able to do is allow clients to VPN in on a locked down connection which takes them (or limits them) to a specific machine in domain B.
Could we use multiple Radius servers? Can our ISA in domain A forward specific VPN users (specified in domain B's DC) to domain B? Are there any other existing solutions that we could use? Something along the lines of Citrix or Terminal Services? Or is this the wrong way to go about doing something like this?
As long as the untrusted domains subnet is listed in the LAT you should be able to set up a rule to go to a particular host within that subnet. Which is esentailly what you want to do.