DMZ using 1812 router

richard.yien
Level 1

I'm coming from a network that uses Cisco 2600 routers and now looking at using the 1812 integrated services router. On the 2600, there is a separate output for a DMZ segment. I don't see that called out as a feature in the 1800 series. Can you configure one of the 8 LAN ports as a DMZ? Is that done using the VLAN features?

7 Replies

Richard Burts
Hall of Fame

Richard

I am not familiar with the 2600 having a separate DMZ. If you want to create a DMZ on an 1812 you should be able to put one of the LAN ports into a separate VLAN and to treat it as a DMZ.

HTH

Rick


Thanks, Rick. To route WAN traffic to a particular VLAN, just like a DMZ port, is it just setting up a regular routing rule referring to the VLAN id?

Richard

I am not sure that I really understand what you are trying to accomplish. When you talk about establishing a DMZ are you trying to use firewall rules on this router? When you talk about routing WAN traffic to the VLAN is this traffic from the inside going toward the WAN that you want to route into the DMZ or is it traffic from the outside WAN that you want to route to the DMZ?

HTH

Rick


Hi Rick,

What I want is to have 2 segments behind the router / firewall. The LAN segment contains user workstations and internal servers for shares, print, email. The DMZ segment contains web servers, ftp, mail relays, dns, etc. All inbound WAN traffic goes to the DMZ. So, I think it's a combination of routing rules and firewall rules. Routing rules to say send inbound WAN traffic to the VLAN and firewall rules to say just ftp, http, etc. Sound right?

-Rich

Rich

If the inbound WAN traffic has a destination address in the DMZ subnet then routing to the DMZ is easy. I am not quite clear what you want to do with traffic inbound from WAN and whose destination address is in the LAN. If you also want to send that through the DMZ then you probably need to implement Policy Based Routing to identify all traffic arriving on the WAN interface and having destination addresses within the LAN and set the next-hop as an address in the DMZ.

HTH

Rick


The LAN is a NAT'd / firewalled private network not directly visible to the WAN, so there should be no inbound traffic from the WAN. There are proxies in the DMZ such as email relay that need to be able to send to LAN servers, but hopefully that's just a routing rule. Does that make sense with the 1812?

Rich

I think that makes sense.

HTH

Rick
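
The LAN/DMZ split discussed in this thread, sketched as an IOS configuration fragment. This is an added example, not configuration posted by either participant. FastEthernet2 as the DMZ port, VLAN 10, both subnets, the relay and mail server addresses, and the ACL name DMZ-IN are all assumptions, and the WAN-side filtering and NAT are not shown.

```cisco
! Added example. VLAN 10, all addresses and the ACL name are constructed.
! VLAN 10 must already exist in the router's VLAN database.
!
interface FastEthernet2
 description DMZ switch port
 switchport access vlan 10
!
interface Vlan1
 description LAN (workstations, internal servers)
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan10
 description DMZ (web, ftp, mail relay, dns)
 ip address 192.168.10.1 255.255.255.0
 ip access-group DMZ-IN in
!
! Applied inbound on the DMZ SVI, so it filters what DMZ hosts send.
! Both subnets are directly connected: the router forwards between them
! with no extra route, and this ACL is what limits DMZ-to-LAN traffic.
ip access-list extended DMZ-IN
 remark mail relay may deliver to the internal mail server only
 permit tcp host 192.168.10.25 host 192.168.1.25 eq smtp
 remark replies to TCP sessions opened from the LAN
 permit tcp 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255 established
 remark nothing else from the DMZ reaches the LAN
 deny ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255 log
 remark DMZ traffic to other destinations (the WAN) is left open here
 permit ip 192.168.10.0 0.0.0.255 any
```

The `established` keyword only matches TCP segments with ACK or RST set, so it is not stateful inspection. UDP replies, such as DNS answers from a DMZ server to LAN clients, are not covered by it and need their own permit or a stateful firewall feature.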
