We have the following zones:
eth0 - Trust
eth1 - DMZ (not currently used)
eth 2 - UnTrust
eth3 - HA
We are planning a dial-up IPsec vpn from UnTrust -> 'server behind firewall' ...... but, we want to isolate the server from the other servers that are also behind the firewall.... what is the best way to do this? ..... should I connect the server to eth1 or eth3? or is there a better way?
thanks.