Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
274
Views
0
Helpful
1
Replies

DMZ-out-DMZ help!

iirvine
Level 1
Level 1

‎03-19-2013 04:50 AM - edited ‎03-11-2019 06:16 PM

I have a server in our DMZ which monitors one of my https site which is also in the DMZ

Monitioring system in the DMZ 10.100.100.10 (nat-ed IP address say = 11.11.21.10)

HTTPS ip address in DMZ 10.100.100.20 (nat-ed IP address say = 11.11.21.20)

What im trying to do is monitor the external ip address of the https web site e.g.

DMZ  --> Out  "then back in"  Out--> DMZ

Is it possible to do this or is it not possible to go out from the DMZ to the external interface and for it to come back in to the DMZ?

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎03-19-2013 05:04 AM

Hi,

Generally it would be simpler just to monitor the server using the local IP address since the monitoring host is in the same local network.

If you want to specifically monitor the public/NAT IP address that is used towards some other interface than "DMZ" then you will have to play around with NAT which I personally dont like myself.

You would probably need to do a NAT that has the DMZ as both the source and destination interface. Possibly also a Dynamic NAT and a "same-security-traffic permit intra-interface"

What software are you using on the firewall?

And what is you current NAT configuration?

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card