Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1498
Views
0
Helpful
2
Replies

CAN I MAKE DMZ on CISCO ROUTER 1841.

mmtantawi
Level 1
Level 1

‎11-13-2006 05:03 AM - edited ‎03-05-2019 12:46 PM

Dear All,

i have here in my LAN, one Cisco Router 1841 with its default things ( 2 FE , 1 Console Port , 1 AUX Port , 2 Slots Empty ).

Now, The First Interface on the Router is have Real- IP and it connected directly to The ISP Router, for Internet Connection.

The Second Interface which is F0/1, is connected to My LAN and have the Internal IP Address which is 192.168.1.100 / 255.255.255.0 .

and all the users have the Default gateway which is 192.168.1.100.

now, all the Users access INTERNET through this Router exactly.

Now, we do not have here any Firewall at all between the internet and our LAN, except this Router.

Now, i have a FTP Server I Need to Put it and Setup For the Users who they are outside my organaization to access it from the internet in any where in the World.

so, i need to Implement DMZ on my Router.

so, as the DMZ definetion say, its

[small subnetwork that sits between a trusted Network LAN, & Untrusted Network such as Internet ] .

so, what i did is, i Purchase one modular Router which is HWIC4, and i plug it in the Router.

so, by doing this do you think i am correct on the following :-

1-increase the router ability to serve more than 1 Network .

2- Can i consider each Interface on the HWIC a sepearate DMZ, becasue each Interface will have its Own IP Address .

Please Update me .

do you think, only i am correct on the Idea it self or Not ?

Labels:
Preview file
38 KB
0 Helpful
2 Replies 2

amit-singh
Level 8
Level 8

‎11-13-2006 05:10 AM

Hi,

Yes, You are correct and you can use the IOS firewall feature set on the Cisco IOS to have the zone-based Policy service and use the other security fetaures to secure your Network. For this you should have Advanced security IOS on your router.

Please see more info on IOS firewall:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps1018/products_data_sheet09186a0080117962.html

HTH,

-amit singh

0 Helpful

CyberDjinn
Level 1
Level 1

‎11-13-2006 05:13 AM

is the module HWIC-4ESW?

You can't apply ip address on physical interfaces of the module. It's a module feature.

But you can create more then one VLAN (one vlan for each DMZ network).

(config)# vlan X

(config-vlan)#name DMZ1

(config-vlan)#ip address x.x.x.x y.y.y.y

(config-vlan)#no sh

and on physican interface do

switchport access vlan X

0 Helpful
Customers Also Viewed These Support Documents