need help with basic switching

srinivas74943
Level 1

Our network is interconnected with a LAN (10.40.x.y) and a WAN (DMZ 10.2.8.x). A customized CentOS firewall and NAT router separates the LAN and WAN. Now we need to put our LAN web server and email server into the WAN's DMZ so that our sister organization will access the internal LAN services via the DMZ. For this we have extended our WAN's DMZ into a separate VLAN (vlan 75) in our LAN (10.40.x.y). It is physically not possible to extend the DMZ

Now we are putting our web server into vlan 75 for the WAN DMZ with one NIC interface, and on the second NIC the existing LAN web server (vlan 2) is running.

And the mail server is on a different VLAN (32), but both the web server and the mail server are connected via the same switch, a Catalyst 2960 series SI. For the mail server, as it is on a different VLAN (32), only one connection is working. If we disable one Ethernet (NIC) then only the other connection is working, and vice versa. This is observed also with the ping command.

For the web server (on vlan 2), sometimes both NIC interfaces are working and the services also. But sometimes it is the same as what is happening with the mail server.

I require that both the mail and web server should work on both LAN and DMZ at the same time with dual NIC interfaces.

Access switches are physically connected to L3 switches with different VLANs.

The web server and mail server are running on CentOS 7.

1 Reply

Seb Rupik
VIP Alumni

Hi there,

From your description it sounds like you are configuring your servers with interfaces in both the LAN and DMZ. This is bad practice as you are effectively providing a bridge between the networks, bypassing the firewall. Granted, these servers may not route between their interfaces, but by compromising the DMZ interface an attacker can then pivot into your LAN without your firewall having visibility of the traffic.

Your routing issue sounds like it is caused by the server having two interfaces but a default route out of only one of them. The 'sometimes' working scenario is probably down to you reaching the server on a subnet it also has an interface in.

cheers,

Seb.
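As an added illustration (not code from the thread or from either poster), here is a small Python model of the route lookup Seb's reply describes: a dual-homed CentOS server whose single default route points out the LAN interface answers directly connected clients correctly but sends replies for clients beyond the DMZ gateway out the wrong interface. It goes one step beyond the reply by also modelling a per-source routing table, which is what keeps a reply on the interface it arrived on; the interface names, gateway addresses and the sister-organisation client address are assumptions.

```python
import ipaddress

# Constructed model of the dual-homed CentOS 7 server from the question:
# eth0 in LAN vlan 2 (10.40.0.0/16), eth1 in DMZ vlan 75 (10.2.8.0/24).
# Gateway and client addresses are assumptions chosen for illustration.
MAIN_TABLE = [
    # (destination prefix, egress interface, next hop or None if directly connected)
    ("10.40.0.0/16", "eth0", None),
    ("10.2.8.0/24", "eth1", None),
    ("0.0.0.0/0", "eth0", "10.40.0.1"),  # the single default route, via the LAN
]
# A second table selected by the DMZ source address, as 'ip route ... table <n>'
# plus 'ip rule add from 10.2.8.0/24 table <n>' would set up (assumed values).
DMZ_TABLE = [
    ("10.2.8.0/24", "eth1", None),
    ("0.0.0.0/0", "eth1", "10.2.8.1"),
]
POLICY_RULES = [("10.2.8.0/24", DMZ_TABLE)]


def lookup(dst, table):
    """Longest-prefix match over one table, as the kernel does per packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, _nexthop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def reply_egress(server_src, client, policy_routing=False):
    """Interface the server's reply leaves on; server_src is the local address
    the request arrived at, which becomes the reply's source address."""
    if policy_routing:
        src = ipaddress.ip_address(server_src)
        for prefix, table in POLICY_RULES:
            if src in ipaddress.ip_network(prefix):
                return lookup(client, table)
    return lookup(client, MAIN_TABLE)


def is_symmetric(server_src, arrival_iface, client, policy_routing=False):
    """True when the reply exits the interface the request arrived on."""
    return reply_egress(server_src, client, policy_routing) == arrival_iface


if __name__ == "__main__":
    # Sister-organisation client beyond the DMZ gateway (assumed 10.2.9.7):
    print(is_symmetric("10.2.8.10", "eth1", "10.2.9.7"))        # False, reply leaves via eth0
    print(is_symmetric("10.2.8.10", "eth1", "10.2.9.7", True))  # True with the per-source table
```

Clients on either directly connected subnet always get a symmetric reply, which matches the 'sometimes works' behaviour in the question; only clients reached through a gateway hit the single default route.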
