10-29-2012 03:54 PM - edited 03-04-2019 06:00 PM
Hello everyone,
To start with, I would like to thank and appreciate this forum for the help and knowledge I have acquired through it as a beginner in this wonderful technology.
My next question is this: On my home lab I want to set up my mail (Exchange) server in a DMZ.
I have a 2811 router with 3 FastEthernet interfaces (fa0/0, fa0/1 built in) and I added the fa0/0/0 (HWIC 1FE). 1st possibility: I am planning to have the DMZ on a separate switch, directly connecting the mail server on the fa0/0/0 to form the DMZ.
2nd possibility: I have a L3 switch (my main switch); I can configure a DMZ VLAN and restrict the access between my LAN and the DMZ.
Now, what is the easiest way to achieve this goal, how do I configure the ACLs to restrict both subnets, and finally how will the router facing the internet know this DMZ subnet to allow internet access only?
Best regards,
BEN
10-29-2012 07:10 PM
Hi,
If you have a switch, you can use option 1 with a separate port on the router.
Here is a good link to look at with different scenarios and some configs
HTH
10-31-2012 05:16 PM
Hi Reza,
Many thanks for the instructions. I have got a second switch, a c2950-24, and configured the mail server directly connected to the 3rd fa0/0/0 on the router as a DMZ. They can ping each other, but the mail server is still not accessing the internet.
Please find my configurations:
Router(config)# int fa0/1 (LAN int)
# ip add 192.168.30.1 /24
# ip nat inside
# ...
Router(config)# int fa0/0
# ip add x.x.105.95 255.255.255.248
# ip nat outside
# ...
Router(config)# int fa0/0/0
# ip add 192.168.70.1 /24 (Mail server ip add: 192.168.70.2 /24)
# description connection to DMZ
# ip nat inside
# duplex full
ACL
Router(config)# ip access-list extended DMZ_ACL
# permit ip any 192.168.70.0 0.0.0.255
# deny ip any 192.168.0.0 0.0.255.255
# permit ip any any
Secondly, I have followed the link you sent to me; unfortunately I am clueless, that is not my level. What I want as a beginner is the step-by-step DMZ configuration.
I hope my explanation does make sense, and I thank you once more,
Best regards,
10-31-2012 07:14 PM
Hi,
Have a look at this link. The first scenario is a router with 3 interfaces (just like yours). You also need to apply the access list to the interface.
http://www.dslreports.com/faq/15913
HTH
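Added example, not part of the thread: a small first-match evaluator that shows what the three DMZ_ACL entries posted above would do to traffic from the mail server once the list is applied to an interface. It assumes the list is applied inbound on fa0/0/0 (the thread does not state a direction); the destination addresses 192.168.30.10 and 203.0.113.10 are constructed samples.

```python
# Added example: first-match evaluation of the DMZ_ACL entries from the post.
# Assumption: the ACL is applied inbound on fa0/0/0 (direction not stated
# in the thread). All sample packets below are constructed.
import ipaddress

def parse_addr(tokens):
    """Consume 'any' or '<address> <wildcard>'; return ((addr, wild), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (addr, wild), tokens[2:]

def parse_ace(line):
    """Parse '<action> ip <source> <destination>' into its parts."""
    action, _proto, *rest = line.split()
    src, rest = parse_addr(rest)
    dst, rest = parse_addr(rest)
    return action, src, dst

def matches(spec, ip):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard 1-bits mean "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(acl_lines, src_ip, dst_ip):
    """Return (action, entry number); an ACL ends with an implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        action, src, dst = parse_ace(line)
        if matches(src, src_ip) and matches(dst, dst_ip):
            return action, n
    return "deny", None

DMZ_ACL = [
    "permit ip any 192.168.70.0 0.0.0.255",
    "deny ip any 192.168.0.0 0.0.255.255",
    "permit ip any any",
]

SAMPLES = [  # constructed packets arriving from the mail server
    ("192.168.70.2", "192.168.70.1"),   # to the router's DMZ address
    ("192.168.70.2", "192.168.30.10"),  # to a LAN host
    ("192.168.70.2", "203.0.113.10"),   # to an Internet host
]

def run():
    return [evaluate(DMZ_ACL, s, d) for s, d in SAMPLES]

if __name__ == "__main__":
    for (s, d), (action, n) in zip(SAMPLES, run()):
        print(f"{s} -> {d}: {action} (entry {n})")
```

Because the list is stateless, the deny entry also drops the mail server's replies to connections that LAN hosts open toward the DMZ.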