06-22-2008 12:37 PM - edited 03-03-2019 10:27 PM
Hi Team,
The firewall outside interface network IP addresses overlap with the DMZ IP addresses. How can we overcome this issue?
06-22-2008 02:42 PM
Are the DMZ and firewall MPLS interface networks identical in terms of subnet and mask?
This sounds like your MPLS provider has provided you with a subnet and you want to insert a firewall between that subnet and the resources on the DMZ, correct?
The logical options are:
1: Work with your MPLS vendor to assign a /30 network solely for the link between your ASA and their CE router. Have them route the 172.x network to you. Renumber your firewall interface towards the MPLS cloud with their assigned interface out of the /30.
2: Renumber your DMZ resources to something not in conflict with the MPLS subnet and use NAT.
Other, generally ugly possibilities include bridging and some awful NAT hacks that aren't likely to scale.
An enterprise-wide IP assignment policy can help to avoid this in the first place but you often get into a jam with mergers with other companies having overlapping RFC1918 space.
06-23-2008 08:48 PM
Hi,
Thanks for your reply. Sorry for missing some points in my previous mail.
The MPLS interface has a different IP range.
We access almost all 140 sites using this MPLS link. Of those 140 sites, at most 10 sites have the 172.X range. The remaining ones are different. As for the DMZ zone, all the IP addresses in the DMZ zone are in the 172.X range. Our problem now is that whenever an inside user tries to access the 172.X range IP addresses that are in the MPLS zone, they are unable to access them, and they are not even able to ping those IP addresses.
But I am able to ping the same IP from the MPLS router, though not from the inside network.
I think you got my point.
Awaiting your reply.
06-24-2008 07:29 PM
The best and most scalable solution would be to renumber the resources in the DMZ to a different subnet, and to institute an IP assignment plan to avoid future duplication.
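An added example, not part of any reply in this thread: a small audit of an address plan that flags prefixes overlapping across zones and models the firewall's route lookup for a given destination. The plan entries, zone names and the `find_overlaps` / `egress_zone` helpers are hypothetical, and the lookup assumes longest-prefix match with a connected route winning a tie.

```python
import ipaddress
from itertools import combinations

# Constructed address plan (zone, name, prefix); no value here comes from the thread.
PLAN = [
    ("dmz",    "hq-dmz",   "172.16.10.0/24"),  # connected on the firewall
    ("mpls",   "site-017", "172.16.10.0/24"),  # remote site, same range as the DMZ
    ("mpls",   "site-052", "172.16.0.0/16"),   # remote supernet containing the DMZ
    ("mpls",   "site-101", "10.52.0.0/24"),
    ("inside", "hq-lan",   "10.1.0.0/16"),
]


def parse(plan):
    """Turn prefix strings into ip_network objects (raises on a malformed prefix)."""
    return [(zone, name, ipaddress.ip_network(prefix)) for zone, name, prefix in plan]


def find_overlaps(plan):
    """Return name pairs from different zones whose prefixes overlap."""
    return [(a[1], b[1]) for a, b in combinations(parse(plan), 2)
            if a[0] != b[0] and a[2].overlaps(b[2])]


def egress_zone(plan, dest, connected=("dmz", "inside")):
    """Zone a route lookup selects: longest prefix first, connected route on a tie."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, zone in connected, zone)
               for zone, _, net in parse(plan) if addr in net]
    return max(matches)[2] if matches else None


if __name__ == "__main__":
    for left, right in find_overlaps(PLAN):
        print(f"overlap: {left} <-> {right}")
    # A host at the remote site that shares the DMZ range is sent to the DMZ.
    print("172.16.10.5 ->", egress_zone(PLAN, "172.16.10.5"))
    # A remote 172.x host outside the DMZ range still follows the MPLS route.
    print("172.16.99.1 ->", egress_zone(PLAN, "172.16.99.1"))
```

Running the overlap check against the real address plan before assigning a new subnet is one way to enforce the IP assignment plan recommended above.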