02-26-2003 10:55 AM - edited 03-09-2019 02:16 AM
How are DMZs usually designed? Are the systems in the DMZ usually given a private IP address and the outward bound interface(s) on the firewall are assigned multiple public IPs to correspond with the internal machines?
OR...
Do people assign public IP addresses to machines inside their DMZ and just use their firewall as a filter, not so much address translation?
Thanks!
-ee99ee (cmiller@intellithought.com)
02-27-2003 10:44 AM
Generally devices on the DMZ are given private IPs and the firewall will NAT for them. NAT is so common now and fast that it introduces no delay. You also always want to hide your internal addressing scheme. You will also want to NAT between your inside and the DMZ (again, hide the addressing as much as possible).
In the case of the PIX, it is assigned one public IP on the outside interface and then you apply static NAT to map the public IP to the server on the DMZ. The interface only has the one IP but will respond (i.e. accept and forward) to packets destined for those servers on the DMZ.
Hope it helps.
Steve
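The layout described in the reply above, written out as an added configuration example (not part of the original posts). It assumes PIX 6.x syntax and a three-interface firewall; every address, interface assignment and ACL name is a constructed placeholder.

```cisco
: Constructed example, PIX 6.x syntax. All addresses and names are placeholders.
: Interfaces: outside (security0), dmz (security50), inside (security100)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

: The outside interface holds a single public IP.
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 192.168.10.1 255.255.255.0

: Static NAT: public 203.0.113.10 <-> DMZ web server 192.168.10.10.
: The PIX accepts and forwards packets for 203.0.113.10 even though
: no interface is configured with that address.
static (dmz,outside) 203.0.113.10 192.168.10.10 netmask 255.255.255.255

: The static alone does not admit traffic from a lower-security interface;
: permit only the published service on the translated address.
access-list acl_outside permit tcp any host 203.0.113.10 eq www
access-group acl_outside in interface outside

: Inside hosts are translated when they reach the DMZ or the Internet,
: so neither side sees the 10.1.1.0/24 addressing.
nat (inside) 1 10.1.1.0 255.255.255.0
global (dmz) 1 192.168.10.200-192.168.10.250
global (outside) 1 interface
```

After applying a configuration like this, `show xlate` and `show access-list` are the usual checks that the translation exists and that only the intended port is receiving hits.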
02-27-2003 11:17 AM
Thank you, that is exactly what I was wanting to know. Answers my question exactly! :-)
-ee99ee (cmiller@intellithought.com)