I run a small I.T. shop and I have a client that I'm getting stumped on how to set up.
This client runs 4 pizza shops and opened a small central corp office a few months ago. I set up a VPN between the corp office and all 4 stores with a Sonicwall TZ 205 at the corp site and TZ 105s at the remote stores. The VPN and everything is working fine.
There is now a new online ordering system that needs to go into place. The point of sale company is stating we have to have a server that accepts the online orders on a DMZ. Then this server on the DMZ needs to talk to the PoS server at each store without breaking PCI compliance.
I'm not understanding how to do this if the PoS server at each store is on the private LAN which is also connected to the corporate VPN. There is only one port open on the DMZ server for communication, but when I call the PoS company to remote in and set up their software, they log in to the DMZ server saying they can't see the store PCs on the VPN. I thought the DMZ server is not supposed to be able to see the computers on the private LAN. Wouldn't that break the protection and not pass PCI compliance?
I have attached a short PDF document from the PoS company that explains what needs to be done. After trying and trying to get this working, I can't, and I'm asking the Neowin community for support.
Maybe I just don't understand, but how can I make this work if we have a site-to-site VPN already in place? Do they mean we need 2 VPNs? I have another PDF document I can post if you need more information, but it's just a dumbed down version of how to do a DMZ with two Linksys routers.
On another note with the alt setup, another way to do this is to have a DMZ server at each store location that handles the online orders. Then we use two routers to create a DMZ if you want to call it that. Of course that means the second router is the private LAN at each store and how do I VPN those together if the DMZ computer is the first router at the store with the WAN IP?
Focus on the first part for help. The last paragraph is my last way out if I can figure it out, but I'm thinking I'm going to lose my VPN and then have to purchase more servers. Thanks!