Can i Configure DMZ on Cisco Router 1841

mmtantawi · ‎11-13-2006

Dear All,

i have here in my LAN, one Cisco Router 1841 with its default things ( 2 FE , 1 Console Port , 1 AUX Port , 2 Slots Empty ).

Now, The First Interface on the Router is have Real- IP and it connected directly to The ISP Router, for Internet Connection.

The Second Interface which is F0/1, is connected to My LAN and have the Internal IP Address which is 192.168.1.100 / 255.255.255.0 .

and all the users have the Default gateway which is 192.168.1.100.

now, all the Users access INTERNET through this Router exactly.

Now, we do not have here any Firewall at all between the internet and our LAN, except this Router.

Now, i have a FTP Server I Need to Put it and Setup For the Users who they are outside my organaization to access it from the internet in any where in the World.

so, i need to Implement DMZ on my Router.

so, as the DMZ definetion say, its

[small subnetwork that sits between a trusted Network LAN, & Untrusted Network such as Internet ] .

so, what i did is, i Purchase one modular Router which is HWIC4, and i plug it in the Router.

so, by doing this do you think i am correct on the following :-

1-increase the router ability to serve more than 1 Network .

2- Can i consider each Interface on the HWIC a sepearate DMZ, becasue each Interface will have its Own IP Address .

Please Update me .

do you think, only i am correct on the Idea it self or Not ?

avillalva · ‎11-13-2006

Hi,

I would have just made the second interface on the 1841 my DMZ.

i.e. one arm of the router to the ISP

one arm to the DMZ

+ one arm to the LAN

You will need to allocate a separate subnet for the DMZ. If it's public access you may wish to use public addresses (supplied by your ISP) but if they are not available you can use private addresses and NAT the packets in.

Hope that helps,

Andres