Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1057
Views
5
Helpful
4
Replies

Set up DMZ Server by Using Cisco 2921 Router and Catalyst Switches

jivteshchahal
Level 1
Level 1

‎09-21-2017 08:02 AM - edited ‎03-05-2019 09:10 AM

We are using Cisco 2921 routers and have to connect Vlans to DMZ server and to ISP. We have done vlan interconnectivity using router at Access layer. Now we have to use router firewall between DMZ, internal Network. We have to connect to ISP and DMZ server with HTTP,FTP and TFTP services. Can you tell me about setting up router firewall , setting up NAT & PAT and getting access of Vlans to ISP and DMZ server.

Labels:
Preview file
33 KB
0 Helpful
4 Replies 4

Flavio Miranda
VIP
VIP

‎09-21-2017 03:39 PM

Hi,

  Basic steps:

 

Create an access-list with DMZ network
access-list 1 permit 192.168.0.0 0.0.0.255
ip nat inside source list 1 interface fa 0/1 overload

inft fa 0/0 - DMZ
ip nat inside
int fa 0/1 - ISP
ip nat outside

jivteshchahal
Level 1
Level 1
In response to Flavio Miranda

‎10-01-2017 10:03 PM

Thank you......I am having another problem. I do not want vlan 10,vlan 20,vlan 30 to access tftp, vlan 10,vlan 20 to access ftp.
0 Helpful

Flavio Miranda
VIP
VIP
In response to jivteshchahal

‎10-02-2017 05:30 AM

You can create an Access List denying port 21 and 69.

access-list 101 permit tcp IP DA VLAN any eq 21
access-list 101 permit tcp IP DA VLAN any eq 69

 

0 Helpful

jivteshchahal
Level 1
Level 1
In response to Flavio Miranda

‎10-08-2017 10:53 PM

At which inter face should I use .(in or out)

Preview file
33 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card