DMZ using 1812 router

Unanswered Question

I'm coming from a network that uses Cisco 2600 routers and am now looking at using the 1812 integrated services router. On the 2600, there is a separate output for a DMZ segment. I don't see that called out as a feature in the 1800 series. Can you configure one of the 8 LAN ports as a DMZ? Is that done using the VLAN features?

Richard Burts Sun, 10/28/2007 - 16:20

Richard

I am not familiar with the 2600 having a separate DMZ. If you want to create a DMZ on an 1812 you should be able to put one of the LAN ports into a separate VLAN and to treat it as a DMZ.

HTH

Rick

Richard Burts Mon, 10/29/2007 - 08:22

Richard

I am not sure that I really understand what you are trying to accomplish. When you talk about establishing a DMZ are you trying to use firewall rules on this router? When you talk about routing WAN traffic to the VLAN is this traffic from the inside going toward the WAN that you want to route into the DMZ or is it traffic from the outside WAN that you want to route to the DMZ?

HTH

Rick

Hi Rick,

What I want is to have 2 segments behind the router / firewall. The LAN segment contains user workstations and internal servers for shares, print, email. The DMZ segment contains web servers, ftp, mail relays, dns, etc. All inbound WAN traffic goes to the DMZ. So, I think it's a combination of routing rules and firewall rules. Routing rules to say send inbound WAN traffic to the VLAN and firewall rules to say just ftp, http, etc. Sound right?

-Rich

Richard Burts Mon, 10/29/2007 - 08:49

Rich

If the inbound WAN traffic has a destination address in the DMZ subnet then routing to the DMZ is easy. I am not quite clear what you want to do with traffic inbound from WAN and whose destination address is in the LAN? If you also want to send that through the DMZ then you probably need to implement Policy Based Routing to identify all traffic arriving on the WAN interface and having destination addresses within the LAN and set the next-hop as an address in the DMZ.

HTH

Rick
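
The layout discussed in this thread (one switch port in its own VLAN acting as the DMZ, with filtering on the WAN and DMZ interfaces), sketched as an added example that is not part of the original posts. Interface numbers, the VLAN ID, all addresses (documentation ranges) and the ACL names are assumptions; NAT for the inside LAN is omitted.

```cisco
! Constructed example: every number, name and address below is an assumption.
! Create VLAN 10 first (global "vlan 10" or the older "vlan database" mode,
! depending on the IOS release).
interface FastEthernet9
 description DMZ switch port
 switchport access vlan 10
!
interface Vlan1
 description Inside LAN (workstations, internal servers)
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan10
 description DMZ (web, ftp, mail relay, dns)
 ip address 192.0.2.1 255.255.255.0
 ip access-group DMZ-OUT in
!
interface FastEthernet0
 description WAN
 ip address 198.51.100.2 255.255.255.252
 ip access-group WAN-IN in
!
! Inbound from the WAN: only the published services on DMZ hosts.
! DMZ destinations are a connected subnet, so no extra routing is needed.
ip access-list extended WAN-IN
 permit tcp any host 192.0.2.10 eq www
 permit tcp any host 192.0.2.11 eq ftp
 permit tcp any host 192.0.2.12 eq smtp
 permit udp any host 192.0.2.13 eq domain
 ! Return traffic for TCP sessions opened from behind the router.
 permit tcp any any established
 deny ip any any log
!
! Traffic leaving the DMZ: the mail relay may reach the internal mail
! server; nothing else in the DMZ may open connections into the LAN.
ip access-list extended DMZ-OUT
 permit tcp host 192.0.2.12 host 10.0.0.25 eq smtp
 deny ip any 10.0.0.0 0.0.0.255 log
 permit ip any any
```

These ACLs are stateless, so UDP replies and FTP data channels are not tracked; handling them requires stateful inspection on the router rather than wider permit lines.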
