DMZ?

Dale_Bosley
Level 1

I have a 1721 and a 1720 connected through their serial interfaces over a T1 connection. The internet is on the Fa0 interface of the 1721 and the Fa0 interface of the 1720 is in my LAN. Previous to this we had a Linksys router connected right to the internet. I had a server in the DMZ of that router so that when I hit the public IP address the server would respond.

Now that we've gone to this new set up I have lost the DMZ ability. Is there a way to configure these routers to either forward ports to a specific IP or to put an internal machine in the DMZ?

The way it would have to work if this is possible is to put the 1720 router in the DMZ of the 1721 and the internal machine in the DMZ of the 1720.

Is this possible?

Any configs or suggestions would be appreciated.


spremkumar
Level 9

Hi

AFAIU from your post, both the routers are placed in the same LAN connecting to different locations via T1.

Also the 1721 is acting as the gateway router for you to go out to the outside world (since you got to have the internet connection on the Ethernet port of the 1721 router).

I feel you can deploy the necessary CBAC functionalities in this box (1721) in which the internet link is terminated and do a simple NAT based on the port no.

If you are using up or hosting the service in the normal port (80) you can just map the port number of the internal server IP to your external public IP (either spare public IP or to your Ethernet IP itself).

ip nat inside source static tcp x.x.x.x 80 y.y.y.y 80

x.x.x.x being your server's IP address and y.y.y.y being your public (external) IP address which can be reached from the outside world.

Do replace the port values accordingly as per your current hosting service port nos there.

If this doesn't solve your purpose, do revert back.

regds

Thanks for your reply. The set up would look as follows:

Server--(Fa0)1720(S0)===T1===(S0)1721(Fa0)--internet

Will I have to put this static NAT on both routers?

Hi

You don't need to have Static NAT configs on both the routers to get the access for your server from the outside world.

Static NAT configs are required to be done in the 1721 router which is connected to the internet and you need to have connectivity to the server from the 1721 router.

From your previous mail I felt that both the routers are in same LAN and connected with T1s to different locations.

regds
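
The topology from this thread, sketched as an added example for the Internet-facing 1721 (this is not configuration posted by either participant). Every address, the ACL name INET-IN and the inspection rule name FW are constructed placeholders, and the CBAC lines assume an IOS image with the firewall feature set.

```cisco
! Added example. Constructed addressing (assumptions, not from the thread):
!   192.0.2.10    public address on the 1721 Fa0 (the thread's y.y.y.y)
!   10.0.20.10    server on the 1720 LAN        (the thread's x.x.x.x)
!   10.0.12.0/30  T1 link: 1721 S0 = .1, 1720 S0 = .2
!
! ---- 1721 (Internet edge): the only router that needs NAT ----
interface FastEthernet0
 description Internet
 ip address 192.0.2.10 255.255.255.0
 ip nat outside
 ! Inbound filter is checked before NAT, so it matches the public address
 ip access-group INET-IN in
 ! CBAC: inspect sessions leaving to the Internet so replies are let back in
 ip inspect FW out
!
interface Serial0
 description T1 to 1720
 ip address 10.0.12.1 255.255.255.252
 ip nat inside
!
! The 1721 must be able to reach the server LAN across the T1
ip route 10.0.20.0 255.255.255.0 10.0.12.2
!
! Publish only the service port, not the whole host
ip nat inside source static tcp 10.0.20.10 80 192.0.2.10 80
!
ip inspect name FW tcp
ip inspect name FW udp
!
ip access-list extended INET-IN
 permit tcp any host 192.0.2.10 eq 80
 deny   ip any any log
!
! ---- 1720 (LAN side): routing only, no NAT statements ----
! Return traffic from the server must go back over the T1:
!   ip route 0.0.0.0 0.0.0.0 10.0.12.1
```

Unlike the consumer-router "DMZ host" setting, which hands every unsolicited inbound port to one machine, this exposes a single TCP port and logs everything else that arrives on the public interface.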
