Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
467
Views
0
Helpful
2
Replies

Allow public IP address in DMZ

michaelsrpersaud
Level 1
Level 1

‎03-31-2015 10:00 AM - edited ‎03-11-2019 10:43 PM

Hi guys,

 

I'm trying to set up {as per our phone guys} a phone server in the DMZ. The requirement is to have a public address (from our outside scope /29) assigned to this server and it has to be public on the internet to sync with an external system. I tried to put it in a DMZ and have the traffic pass to it. I tried putting an IP on the DMZ interface and also without an address on the DMZ interface but neither works. I can see traffic coming in but nothing going back.

Is there a way to have the server have that public IP and be in the DMZ and not to be NATTed? If so or not then how? Any suggestions would be appreciated.

Thanks

Mike

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎03-31-2015 10:26 AM

Mike

Is the outside interface also using an IP from the /29 ?

If so then no you can't do this without breaking up the subnet or making the ASA transparent but you won't be able to do that really with DMZs etc.

You are either going to have to NAT it or break up your /29 into two /30s and use one of them for the DMZ interface and the other for the VOIP server.

But I suspect some of those IPs are already in use ?

Edit - or obviously you could ask for another public IP block from your ISP.

Jon

0 Helpful

michaelsrpersaud
Level 1
Level 1
In response to Jon Marshall

‎03-31-2015 10:59 AM

Thanks for the quick reply Jon, we are using addresses from the /29 and yes the outside is in the /29.

The second subnet sounds familiar as that is what they had before the IP got changed by the ISP.

 

I did something earlier and did see traffic flowing back but it was always on port 0. I just cant pinpoint what i was doing at that time. I'm doing some more testing and hopefully someone else has some additional ideas.

 

Thanks
Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card