07-26-2011 04:03 AM - edited 03-11-2019 02:03 PM
Hi all, apologies if this is fairly basic stuff but I am relatively new to firewalling.
I have purchased a subnet of 8 private IP addresses from my ISP. 109.x.x.128/29
The ISP has placed a Juniper router within our data centre which is routing purely from 109.x.x.206/30 to 109.x.x.128/29 with the IP of fa0/1 set to .129.
I have linked a Cisco 5505 to fa0/1 of the Juniper from fa0/0 and configured its IP to .130. I have configured NAT to translate our client pool 192.168.16.x /24 addresses to the internet.
Is it possible for the 5505 to route / map my remaining private IP addresses through its external port? I have tried creating a separate VLAN for a DMZ for our servers to sit within but am returned with a subnetting error as the VLAN for my external port is already configured within the same subnet.
Any help would be gratefully appreciated.
Jonathon
07-26-2011 04:08 AM
Hi Jonathon,
You would definitely need to use an IP range different to what you are using for the outside interface for the DMZ. You cannot have the same subnet range on two different interfaces. Although if you have a different range on the DMZ, you can NAT the DMZ servers to the outside interface public IP when they access the internet.
Hope this helps,
Thanks,
Varun
07-26-2011 07:04 AM
Jonathon, as Varun stated, you would need to create a new VLAN (ex. 10.10.10.0/24) using private IP addresses and create static NATs for your servers and add access lists to allow access to servers from the outside.
! Pre-8.3 syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip
static (dmz,outside) 109.x.x.132 10.10.10.x netmask 255.255.255.255
Another option would be to put the servers on the 'Outside' VLAN and IP the servers with external IP addresses. I realize that the requirement is to put the devices behind the firewall but it's another option.
Good luck
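The setup the replies describe, written out as an added example that is not part of any poster's reply: a DMZ VLAN on a private range, a one-to-one static NAT to one of the spare public addresses, and an inbound ACL limited to a single service. It assumes the pre-8.3 ASA syntax used in the thread; VLAN 3, port Ethernet0/2, host 10.10.10.10, the ACL name outside_in and the HTTPS port are constructed for illustration.

```cisco
! --- DMZ VLAN on its own private subnet (must not overlap 109.x.x.128/29) ---
interface Vlan3
 ! Assumption: on a 5505 with the Base license the third VLAN has to be
 ! restricted before it can be named; with Security Plus, omit this line.
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
! Assumption: the server is cabled to switch port Ethernet0/2
interface Ethernet0/2
 switchport access vlan 3
 no shutdown
!
! --- One-to-one static NAT: real host on dmz, mapped address on outside ---
! 10.10.10.10 is a constructed server address
static (dmz,outside) 109.x.x.132 10.10.10.10 netmask 255.255.255.255
!
! --- Inbound ACL: pre-8.3 ACLs match the mapped (public) address ---
! Permit only the service the server publishes; everything else from the
! outside is dropped by the implicit deny at the end of the ACL.
access-list outside_in extended permit tcp any host 109.x.x.132 eq 443
! Only one ACL per interface and direction: if an access-group is already
! applied inbound on outside, add the permit line to that ACL instead.
access-group outside_in in interface outside
!
! --- Outbound PAT for DMZ hosts that have no static of their own ---
nat (dmz) 1 10.10.10.0 255.255.255.0
! Usually already present from the client-pool NAT
global (outside) 1 interface
```

After applying it, `show xlate` and `show access-list outside_in` confirm that the translation exists and which ACL lines are taking hits.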