
public or private addressing on DMZ?

selane

Green field design and have option of public or private IPs; both seem to have merits.

PRIVATE:

-can easily change ISPs in future without changing IPs on servers, which can be a hassle at times

-through PAT, many more addresses available, assuming ISP gives limited public.

PUBLIC:

-no conflicts with other IPs for VPN or branches

-less NAT config headaches.

Thoughts?


Jon Marshall

Hi

As you say, both have merits, and it really does depend to a large extent on how many servers on DMZ, how many public IPs.

Unless you have provider-independent public IP addressing, all other things being equal I would go for NAT unless you have any applications that you know will not work with NAT.

I don't think NAT should be viewed as a security function but rather it gives you more flexibility in how you deploy devices. I don't think conflicts with other branches should be an issue because if worse comes to worst you can NAT before IPsec.

NAT can be a pain to configure in some cases but as you say nowhere near as big a pain as readdressing all your DMZ servers.

Jon
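
The overlap concern raised in this thread (a private DMZ range colliding with VPN or branch ranges) can be checked before a range is committed. The following is an added example, not code from either poster; the subnets in `IN_USE` are constructed sample values and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private blocks a DMZ could be numbered from.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: ranges already routed over VPN tunnels or at branches.
IN_USE = ["10.0.0.0/16", "10.10.0.0/16", "172.16.0.0/24", "192.168.1.0/24"]


def is_rfc1918(candidate):
    """True if the candidate subnet sits entirely inside private space."""
    cand = ipaddress.ip_network(candidate)
    return any(cand.subnet_of(block) for block in RFC1918)


def conflicts(candidate, in_use):
    """Return the in-use networks that overlap the candidate DMZ subnet.

    An overlap in either direction counts: a /24 inside a branch /16 is
    as much a routing conflict as a /16 that swallows a branch /24.
    """
    cand = ipaddress.ip_network(candidate)
    return [n for n in in_use if cand.overlaps(ipaddress.ip_network(n))]


def first_free_subnet(in_use, prefixlen=24):
    """First RFC 1918 subnet of the given size that overlaps nothing in use."""
    used = [ipaddress.ip_network(n) for n in in_use]
    for block in RFC1918:
        for sub in block.subnets(new_prefix=prefixlen):
            if not any(sub.overlaps(u) for u in used):
                return str(sub)
    return None  # private space exhausted at this prefix length


if __name__ == "__main__":
    for cand in ("192.168.1.0/24", "10.10.5.0/24", "203.0.113.0/24"):
        hits = conflicts(cand, IN_USE)
        kind = "private" if is_rfc1918(cand) else "public"
        print(f"{cand} ({kind}): {'conflicts with ' + ', '.join(hits) if hits else 'no overlap'}")
    print("first free /24:", first_free_subnet(IN_USE))
```

A non-empty result from `conflicts` is the case where the DMZ either needs a different private range or the NAT-before-IPsec workaround mentioned in the reply.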
