10-28-2007 04:09 PM - edited 03-03-2019 05:30 AM
I'm coming from a network that uses Cisco 2600 routers and am now looking at using the 1812 integrated services router. On the 2600, there is a separate output for a DMZ segment. I don't see that called out as a feature in the 1800 series. Can you configure one of the 8 LAN ports as a DMZ? Is that done using the VLAN features?
10-28-2007 04:20 PM
Richard
I am not familiar with the 2600 having a separate DMZ. If you want to create a DMZ on an 1812 you should be able to put one of the LAN ports into a separate VLAN and to treat it as a DMZ.
HTH
Rick
10-29-2007 06:30 AM
Thanks, Rick. To route WAN traffic to a particular VLAN, just like a DMZ port, is it just setting up a regular routing rule referring to the VLAN id?
10-29-2007 08:22 AM
Richard
I am not sure that I really understand what you are trying to accomplish. When you talk about establishing a DMZ are you trying to use firewall rules on this router? When you talk about routing WAN traffic to the VLAN is this traffic from the inside going toward the WAN that you want to route into the DMZ or is it traffic from the outside WAN that you want to route to the DMZ?
HTH
Rick
10-29-2007 08:40 AM
Hi Rick,
What I want is to have 2 segments behind the router / firewall. The LAN segment contains user workstations and internal servers for shares, print, email. The DMZ segment contains web servers, ftp, mail relays, dns, etc. All inbound WAN traffic goes to the DMZ. So, I think it's a combination of routing rules and firewall rules. Routing rules to say send inbound WAN traffic to the VLAN and firewall rules to say just ftp, http, etc. Sound right?
-Rich
10-29-2007 08:49 AM
Rich
If the inbound WAN traffic has a destination address in the DMZ subnet then routing to the DMZ is easy. I am not quite clear what you want to do with traffic inbound from WAN and whose destination address is in the LAN? If you also want to send that through the DMZ then you probably need to implement Policy Based Routing to identify all traffic arriving on the WAN interface and having destination addresses within the LAN and set the next-hop as an address in the DMZ.
HTH
Rick
10-29-2007 08:57 AM
The LAN is a NAT'd / firewalled private network not directly visible to the WAN, so there should be no inbound traffic from the WAN. There are proxies in the DMZ such as email relay that need to be able to send to LAN servers, but hopefully that's just a routing rule. Does that make sense with the 1812?
10-29-2007 09:46 AM
Rich
I think that makes sense.
HTH
Rick
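
The layout discussed in this thread, written out as an IOS configuration sketch: one LAN switch port placed in its own VLAN as the DMZ, WAN traffic allowed only to DMZ services, and the DMZ mail relay allowed to reach one LAN server. This is an added example, not a configuration posted by anyone in the thread. It assumes FastEthernet0 is the WAN port, FastEthernet9 is the switch port chosen for the DMZ, and all VLAN numbers, addresses and host roles are constructed.

```cisco
! Added example. Interface roles, VLAN 10, host roles and every address
! (RFC 5737 / RFC 1918 ranges) are constructed assumptions.
interface FastEthernet0
 description WAN
 ip address 203.0.113.2 255.255.255.252
 ip access-group WAN-IN in
 ip nat outside
!
interface FastEthernet9
 description LAN switch port moved into the DMZ VLAN (VLAN 10 must exist)
 switchport access vlan 10
!
interface Vlan1
 description LAN, private addresses, NAT'd toward the WAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Vlan10
 description DMZ, routed public subnet, not NAT'd
 ip address 198.51.100.1 255.255.255.240
 ip access-group DMZ-IN in
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip nat inside source list NAT-LAN interface FastEthernet0 overload
!
ip access-list standard NAT-LAN
 permit 192.168.1.0 0.0.0.255
!
! From the WAN: only the published DMZ services, plus TCP replies to
! sessions the NAT'd LAN opened (those arrive addressed to the WAN IP).
ip access-list extended WAN-IN
 permit tcp any host 198.51.100.2 eq www
 permit tcp any host 198.51.100.3 eq smtp
 permit udp any host 198.51.100.4 eq domain
 permit tcp any host 203.0.113.2 established
 deny   ip any any log
!
! From the DMZ: the mail relay may reach the LAN mail server, TCP replies
! to LAN-initiated sessions pass, everything else toward the LAN is dropped.
ip access-list extended DMZ-IN
 permit tcp host 198.51.100.3 host 192.168.1.25 eq smtp
 permit tcp 198.51.100.0 0.0.0.15 192.168.1.0 0.0.0.255 established
 deny   ip any 192.168.1.0 0.0.0.255 log
 permit ip 198.51.100.0 0.0.0.15 any
```

These ACLs are stateless: `established` only checks for the ACK or RST bit, and UDP replies to LAN clients are not covered, so stateful inspection on the router would be the next step for a production setup.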