
DMZ Configuration

Bienvenu Ngala
Level 1

Hello everyone,

To start with, I would like to thank and appreciate this forum for the help and knowledge I have acquired through this as a beginner in this wonderful technology.

My next question is this: in my home lab I want to set up my mail (Exchange) server in a DMZ.

I have a 2811 router with 3 FastEthernet interfaces (fa0/0, fa0/1 built in) and I added the fa0/0/0 (HWIC 1FE). 1st possibility: I am planning to have the DMZ on a separate switch, directly connecting the mail server on the fa0/0/0 to form the DMZ.

2nd possibility: I have an L3 switch (my main switch); I can configure a DMZ VLAN and restrict the access between my LAN and the DMZ.

Now what is the easiest way to achieve this goal and how to configure the ACLs to restrict both subnets and finally how the router facing the internet will know this DMZ subnet to allow internet access only.

Best regards,

BEN

3 Replies

Reza Sharifi
Hall of Fame

Hi,

If you have a switch, you can use option 1 with a separate port on the router.

Here is a good link to look at, with different scenarios and some configs:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_implementation_design_guide09186a00800fd670.html

HTH

Hi Reza,

Many thanks for the instructions. I have got a second switch, a c2950-24, and configured the mail server directly connected to the 3rd interface, fa0/0/0, on the router as a DMZ. They can ping each other, but the mail server is still not accessing the internet.

Please find my configurations:

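! LAN interface
Router(config)# interface fa0/1
Router(config-if)# ip address 192.168.30.1 255.255.255.0
Router(config-if)# ip nat inside
Router(config-if)# ...

Router(config)# interface fa0/0
Router(config-if)# ip address x.x.105.95 255.255.255.248
Router(config-if)# ip nat outside
Router(config-if)# ...

! DMZ interface; mail server IP address: 192.168.70.2/24
Router(config)# interface fa0/0/0
Router(config-if)# ip address 192.168.70.1 255.255.255.0
Router(config-if)# description connection to DMZ
Router(config-if)# ip nat inside
Router(config-if)# duplex full

ACL:

Router(config)# ip access-list extended DMZ_ACL
Router(config-ext-nacl)# permit ip any 192.168.70.0 0.0.0.255
Router(config-ext-nacl)# deny ip any 192.168.0.0 0.0.255.255
Router(config-ext-nacl)# permit ip any any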

Secondly, I have followed the link you sent me; unfortunately I am clueless, that is not my level. What I want as a beginner is the step-by-step DMZ configuration.

I hope my explanation does make sense and I thank you once more,

Best regards,

Hi,

Have a look at this link.  The first scenario is a router with 3 interfaces (just like yours). You also need to apply the access list to the interface.

http://www.dslreports.com/faq/15913

HTH
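
The DMZ_ACL posted in this thread, evaluated with the first-match rule and wildcard masks that IOS extended ACLs use, as an added example that is not part of the original thread or anyone's router configuration. The function names, the LAN host 192.168.30.10 and the Internet host 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# DMZ_ACL as posted in the thread: (action, source, destination).
# Each address is (base, wildcard); ANY is how "any" expands.
ANY = ("0.0.0.0", "255.255.255.255")
DMZ_ACL = [
    ("permit", ANY, ("192.168.70.0", "0.0.0.255")),
    ("deny",   ANY, ("192.168.0.0", "0.0.255.255")),
    ("permit", ANY, ANY),
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, spec):
    """Wildcard semantics: bits set to 1 in the wildcard are ignored."""
    base, wildcard = spec
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def evaluate(acl, src, dst):
    """Return (action, entry_number) of the first matching entry.

    A populated ACL ends with an implicit deny, reported here as entry 0.
    """
    for number, (action, src_spec, dst_spec) in enumerate(acl, start=1):
        if wildcard_match(src, src_spec) and wildcard_match(dst, dst_spec):
            return action, number
    return "deny", 0

# Constructed sample flows built from the thread's subnets (hypothetical hosts).
FLOWS = [
    ("mail server -> LAN host", "192.168.70.2", "192.168.30.10"),
    ("mail server -> Internet", "192.168.70.2", "203.0.113.10"),
    ("LAN host -> mail server", "192.168.30.10", "192.168.70.2"),
    ("Internet -> mail server", "203.0.113.10", "192.168.70.2"),
    ("LAN host -> Internet", "192.168.30.10", "203.0.113.10"),
]

def report(acl=DMZ_ACL, flows=FLOWS):
    """Map each flow label to the verdict the ACL would give it."""
    return {label: evaluate(acl, src, dst) for label, src, dst in flows}

if __name__ == "__main__":
    for label, (action, entry) in report().items():
        print(f"{label:26} {action:6} (entry {entry})")
```

Entry 1 permits every source, LAN and Internet alike, toward 192.168.70.0/24, so this ACL on its own does not restrict LAN-to-DMZ traffic; and none of these verdicts take effect until the ACL is bound to an interface, as the last reply points out.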
