I am trying to set up a new and hopefully better network than we run today. I have an ADSL router/firewall with DMZ and VPN capabilities. I also have a web/FTP server for both customers and company users that I want to put in the DMZ. And I would like the DMZ server to check its users against the LDAP server that's on the green protected LAN. All I want to do is have a centralized user handling system.

Most of the users that use the web/FTP server are clients that don't have any LAN accounts. But the ones coming in from the LAN also have access to the DMZ for publishing their work. Nothing is to penetrate the firewall from either the red or the yellow network into the green one unless via VPN, and granted access via the LDAP server... Am I making any sense here?

     |
[firewall]---------[DMZ]
     |
     |--------------[LDAP]
     |
     |--------------[USER]

How would I go about this thing??

--
/Rikard

-----------------------------------------------------------------------------
email : rikard.j@rikjoh.com
web   : http://www.rikjoh.com
mob   : +46 (0)763 19 76 25
------------------------ Public PGP fingerprint ----------------------------
< 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >