11-12-2013 09:03 AM
One of my clients has a GSS4900 pair for some services inside their network. Now they would also like to use the GSS for Internet-related services. The GSS pair is on the inside of the firewall and we are of course reluctant to open up for DNS traffic from the Internet to the inside, even though it's just to the GSS.
Can we keep Ethernet 0 on the inside and configure Ethernet 1 to be located on, for example, a DMZ if we just set up proper routing on it?
My idea was something like this:
interface ethernet 0
 ip address 10.16.0.15 255.255.255.0
 gss-communications
interface ethernet 1
 ip address 212.214.212.10 255.255.255.0
ip route 10.0.0.0 255.0.0.0 10.16.0.1
ip route 0.0.0.0 0.0.0.0 212.214.212.1
The idea being that this would keep the GSS inter-communication and DNS service for the inside on ethernet 0, and ethernet 1 would just answer DNS requests.
Good or bad idea?
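How the routes in the configuration posted above would steer reply traffic, assuming ordinary longest-prefix-match forwarding. This is an added example, not part of the thread; the labels eth0/eth1 and the sample client addresses are constructed for illustration.

```python
import ipaddress

# Routing table derived from the posted configuration: two connected
# networks (from the interface addresses) and the two "ip route" lines.
# eth0/eth1 are shorthand labels for ethernet 0 / ethernet 1 (assumption).
ROUTES = [
    ("10.16.0.0/24", "eth0", "connected"),
    ("212.214.212.0/24", "eth1", "connected"),
    ("10.0.0.0/8", "eth0", "10.16.0.1"),
    ("0.0.0.0/0", "eth1", "212.214.212.1"),
]

# RFC 1918 ranges, used to spot inside addressing not covered by a static route.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lookup(dst):
    """Return (interface, next_hop) selected by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, hop in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, hop)
    return best[1], best[2]  # the default route guarantees a match

def private_clients_answered_via_dmz(clients):
    """Inside (RFC 1918) clients whose replies would leave on the DMZ side."""
    flagged = []
    for c in clients:
        addr = ipaddress.ip_address(c)
        if any(addr in n for n in RFC1918) and lookup(c)[0] == "eth1":
            flagged.append(c)
    return flagged

# Constructed sample DNS clients: two inside 10/8 hosts, one Internet host,
# and two inside hosts in private ranges that the 10.0.0.0/8 route misses.
SAMPLE_CLIENTS = ["10.16.0.20", "10.20.30.40", "198.51.100.7",
                  "172.16.5.5", "192.168.1.9"]

if __name__ == "__main__":
    for c in SAMPLE_CLIENTS:
        print(c, "->", lookup(c))
    print("inside clients answered via eth1:",
          private_clients_answered_via_dmz(SAMPLE_CLIENTS))
```

With these routes, only 10.0.0.0/8 is reachable through the inside interface; any inside network numbered from another private range would need its own static route toward 10.16.0.1.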
11-19-2013 10:30 AM
No one has an idea about this?
11-19-2013 11:47 AM
Hi,
I haven't tried it, but I think logically it should work. You can designate different interfaces for GSS communication and for keepalives, and that I have seen working fine. But as far as your requirement goes, I don't think there should be any problem.
Regards,
Kanwal