I am a developer who has built out a web application on an internal web server that is joined to the domain at my client. The client wants the web app available to the internet. We currently use a Cisco VPN appliance for remote users, but want to use a simple web-page login instead. Network admins are telling me to build a web server to put in the DMZ. Should I build out a new box and move all of my apps from the internal box to the box in the DMZ, or should I just move the internal box to the DMZ?

I am running IIS7 and MS SQL Server for my custom app, but am also running a third-party map development service which I iFrame into my custom app. There is also a NAS device joined to the domain that my users access through the web application.

I am just thinking - why should we build a whole new box and move everything? Is there a way to set up the DMZ box to iframe the internal site? Or maybe a redirect that happens after a user is authenticated? I am using a PHP LDAP script to authenticate users.

I am pretty confused on this whole thing... Just trying to get my internal web application available to the internet without opening up the internal network to the internet. The idea is to let internet users get to a login page on the DMZ box, and then let authenticated users into the internal network, where they can use the web application, access files and folders on the NAS device, and use the third-party mapping software service.

Thanks in advance for anything/everything.