Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
104
Views
0
Helpful
6
Replies

CISCO C1121-4P DMZ CONFIGURATION

apalacios
Level 1
Level 1

‎08-12-2024 11:21 PM

Dear all,

I am configuring a network comosed by the next devices:

- Router Cisco C1121-4P

- Fortigate Firewall

Configuration on the router is the next: One port is confifured by PPOE, the ISP provides automatically the public IP. Another port is configured with an IP on the network 192.168.10.X/24. This network only connect Firewall and router.

If I connect all the devices and I try to navigate on internet, system allows a device to connect to internet.

The problem is when I try to connect form outside to inside, for example, to manage the firewall remotely. Something on the router is disallowing me thsi communication.

I want to ask if anyone knows any command which set router as DMZ router. I am interested on manage the traffic from the firewall, not from the router.

Thank you in advance!

Labels:
0 Helpful
6 Replies 6

DanielP211
VIP
VIP

‎08-13-2024 12:22 AM

Hello!

You will have to setup NAT on the C1121-4P. ISP interface will be nat outside, and the other one nat inside. You will also need a static nat statemet that will translate the public IP to the private IP of the firewall. Let me also note that your design dosen't seem optimal. What is the point of the router if you will direct all traffic only to the firewall? Why wouldn't you connect the firewall directly to the ISP? If you need more detailed configuration I can provide you a template. 

BR

****Kindly rate all useful posts*****
0 Helpful

apalacios
Level 1
Level 1
In response to DanielP211

‎08-13-2024 12:32 AM

Hello!

I have already configured NAT interface as you told. I configured NAT translation as overload NAT translation instead of an static NAT translatios, does it make any difference?

About the network, I also think it is better to connect ISP directly to the firewall, but it is designed by an external person who want to manage it like it. I have same opinion, it is unefficient.

Thank you!

0 Helpful

DanielP211
VIP
VIP
In response to apalacios

‎08-13-2024 12:59 AM

If you want to connect to the firewall over the internet/in your case the pppoe link to the https of the forty. You will have to create a PAT - port address translation. Something like this:

ip nat inside source static tcp 192.168.10.XX 8443 PPPOE_IP_ADDRESS 443 extendable

BR

****Kindly rate all useful posts*****
0 Helpful

MHM Cisco World
VIP
VIP

‎08-13-2024 12:24 AM

can you share the topology 

MHM

0 Helpful

apalacios
Level 1
Level 1
In response to MHM Cisco World

‎08-13-2024 12:36 AM

Hello, 

on the shared picture you will be able to see the topology. Sorry for the quality.

Preview file
13 KB
0 Helpful

MHM Cisco World
VIP
VIP
In response to apalacios

‎08-13-2024 12:39 AM

Configuration on the router is the next: One port is confifured by PPOE, the ISP provides automatically the public IP. <<- this can not config when you add FW between router and ISP !!!

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card