Would tremendously appreciate tips, links, or information on the following problem...
Consider...
You've got a standard/normal Class C network with servers, workstations, visiting laptops, and such.
You've got three Windows servers that must remain on that network so that they can interact with the rest of the network devices and especially the Windows network domain infrastructure. However, those three servers will also be sending and receiving sensitive data that you feel you should protect from man-in-the-middle, ARP/MAC spoofing, etc.
You have been using IPSec encryption between those three servers (configured via group policy) but the performance impact is substantial.
So, via secondary network interfaces on each of the three servers, an unrouted VLAN, and physical switches, you're able to create a "private link" network for those three servers and give them 192.168.10.0/24 addresses.
Question: How do you preserve those three servers' ability to communicate to all other network devices and the Windows network domain while configuring them so that they *always* use the private link when talking to each other?
Hosts file? Archaic Windows command line routing commands (with which I have no experience)?
Thanks for any pointers provided!
--H