Routing between dmz's and best practices

Hi all Pros,

I am looking for best practices for routing between DMZs and a configuration sample. In the diagram attached, I have all my VPN routers (site-to-site and remote access) in their own DMZ. Now, all the customers connected through the VPN can access the corporate network at, for example, 10.10.0.0/16, but can't access my DMZs yet! The plan was that customers will only use 192.168.9.0/24 to connect to the VPN. Once connected, all the traffic will go through 192.168.6.0/24 (at the moment they can connect to the corporate network with this setup).

1. To get routing working for DMZ200, DMZ300, etc., I'm thinking of hairpinning (sending traffic back out the same interface) traffic for these DMZs and setting an ACL to permit traffic from the VPN DMZ.

Any comments and suggestion are more than welcome,

Thanks in advance,

Jean Paul
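The configuration sample the post asks for, as an added example that is not from the thread: it assumes a Cisco ASA (the post names hairpinning and interface ACLs but no platform), and the interface names, security levels and the DMZ200 subnet are placeholders; only the VPN client pool 192.168.9.0/24 and the corporate range 10.10.0.0/16 come from the post.

```cisco
! Added example, not from the thread. ASA syntax assumed.
! Interface names, security levels and DMZ200-NET are placeholders.
interface GigabitEthernet0/2
 nameif vpn-dmz
 security-level 50
!
interface GigabitEthernet0/3
 nameif dmz200
 security-level 50
!
! Only needed if a flow really enters and leaves the same interface (hairpin).
same-security-traffic permit intra-interface
! Needed for routed traffic between two interfaces at the same security level.
same-security-traffic permit inter-interface
!
object network VPN-CLIENTS
 subnet 192.168.9.0 255.255.255.0
! Placeholder subnet for DMZ200; the post does not give it.
object network DMZ200-NET
 subnet 10.20.200.0 255.255.255.0
!
! Least privilege: permit only the services VPN users need in DMZ200 and the
! corporate network, then deny and log everything else from the VPN pool,
! so DMZ300 and the other DMZs stay unreachable unless explicitly opened.
access-list VPN-DMZ-IN extended permit tcp object VPN-CLIENTS object DMZ200-NET eq 443
access-list VPN-DMZ-IN extended permit tcp object VPN-CLIENTS object DMZ200-NET eq 22
access-list VPN-DMZ-IN extended permit ip object VPN-CLIENTS 10.10.0.0 255.255.0.0
access-list VPN-DMZ-IN extended deny ip any any log
access-group VPN-DMZ-IN in interface vpn-dmz
```

Depending on the existing NAT policy, identity (no-NAT) rules between vpn-dmz and the DMZ interfaces may also be required, and the deny-with-log line gives the syslog evidence needed to see which DMZ flows are being blocked.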


mulatif
Cisco Employee

Hi Jean,

If you want the DMZs to talk to each other, then why the use of different DMZs in the first place? Is it because these are different customers and you want to control the traffic flow between the customers?

To answer your questions, as long as DMZ200/300 and VPN-DMZ are different logical/physical interfaces, you should be able to route traffic between them. What is the issue that you are running into?

If it turns out to be a complex issue, then it might be quicker for you to open a TAC case.

Thanks,

Naman