Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
445
Views
5
Helpful
1
Replies

nat or dmz interface

ttuncaral
Level 1
Level 1

‎06-06-2006 10:41 PM - edited ‎03-09-2019 03:09 PM

I have a server which is located inside interface a two layer firewalled intranet of a large corporate network. I would like to make this server accessible from Internet. What would be the best practice on providing public access to a intranet server? using another interface on server which is connected to a DMZ or by NAT directly its local address to a public address?

Any help or suggestions would be much appreciated. Thanks,

turkeer

Labels:
0 Helpful
1 Reply 1

a.kiprawih
Level 7
Level 7

‎06-09-2006 01:26 AM

Hi,

Your intention is to allow outsider to access your internal server in a double layer firewall setup.

Talking about best practice, for security reason, you should relocate the server out from your internal network and put it into DMZ. From here, mapped the server DMZ IP to a public IP to allow internet users coming into the server via permitted services. If this server need to communicate with other internal servers, use ACL to open and control access/service type.

Allowing outsider to directly access your internal server, especially for large corporate network is a bit risky as should any of the internet user (or hacker) managed to find way to hack into that server, he/she has a better oppportunity to do more damage to your network/system.

Please read Cisco SAFE Blueprint, specifically for larger/enterprise corporate network environment at:

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_package.html

Using dual NIC is possible, but again, it will still open loophole into your internal network.

Rgds,

AK

Customers Also Viewed These Support Documents