cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
582
Views
0
Helpful
2
Replies

Allow public IP address in DMZ

Hi guys,

 

I'm trying to set up {as per our phone guys} a phone server in the DMZ. The requirement is to have a public address (from our outside scope /29) assigned to this server and it has to be public on the internet to sync with an external system. I tried to put it in a DMZ and have the traffic pass to it. I tried putting an IP on the DMZ interface and also without an address on the DMZ interface but neither works. I can see traffic coming in but nothing going back.

Is there a way to have the server have that public IP and be in the DMZ and not to be NATTed? If so or not then how? Any suggestions would be appreciated.

Thanks

Mike

2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

Mike

Is the outside interface also using an IP from the /29 ?

If so then no you can't do this without breaking up the subnet or making the ASA transparent but you won't be able to do that really with DMZs etc.

You are either going to have to NAT it or break up your /29 into two /30s and use one of them for the DMZ interface and the other for the VOIP server.

But I suspect some of those IPs are already in use ?

Edit - or obviously you could ask for another public IP block from your ISP.

Jon

Thanks for the quick reply Jon, we are using addresses from the /29 and yes the outside is in the /29.

The second subnet sounds familiar as that is what they had before the IP got changed by the ISP.

 

I did something earlier and did see traffic flowing back but it was always on port 0. I just cant pinpoint what i was doing at that time. I'm doing some more testing and hopefully someone else has some additional ideas.

 

Thanks
Mike

Review Cisco Networking for a $25 gift card