how to configure dmz on 2821 with multiple public ip address

keith.gao
Level 1

I have a Cisco 2821 with two Ethernet interfaces and one 8-port HWIC card.

One Ethernet interface has a public IP address (Untrust), and the other has the internal network 10.5.0.0/16 (Trust).

I plan to configure the 8-port card as a DMZ with multiple public IP addresses and connect several web servers to be accessed from the internet -- I had trouble doing it -- is this possible? And what is the right way to do it?

Thanks in advance, Keith

4 Replies

Nagaraja Thanthry
Cisco Employee

Hello,

You need to configure VLAN interfaces and assign the HWIC ports to specific VLANs. Here is the configuration guide for configuring the HWIC card.

http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_hwic_ethsw_ic_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1027188

Hope this helps.

Regards,

NT

Thank you, Nagaraja and TodirascuOvidiu.

Cisco support helps out on this one:

In other words, traffic destined to the DMZ Server was coming in through the T1 link on the DMZ and trying to go out the Out-Zone.

I configured PBR on VLAN1 to force the return traffic from the DMZ Servers out the T1.
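
The policy-based routing fix described in the reply above, sketched as an added example that is not part of the original thread or any poster's actual configuration. The DMZ block 203.0.113.0/28, the T1 next hop 192.0.2.1, and the ACL and route-map names are constructed assumptions; only Vlan1 and 10.5.0.0/16 come from the thread.

```cisco
! Added example. Constructed values (not from the thread):
!   DMZ public block 203.0.113.0/28 on Vlan1, T1 provider next hop 192.0.2.1.
! From the thread: PBR applied on VLAN1, internal network 10.5.0.0/16.
!
ip access-list extended DMZ-RETURN
 remark Leave DMZ-to-internal traffic on the normal routing table
 deny   ip 203.0.113.0 0.0.0.15 10.5.0.0 0.0.255.255
 remark Everything else sourced from the DMZ servers is policy-routed
 permit ip 203.0.113.0 0.0.0.15 any
!
route-map DMZ-VIA-T1 permit 10
 match ip address DMZ-RETURN
 set ip next-hop 192.0.2.1
!
interface Vlan1
 description DMZ servers on the HWIC switch ports
 ip address 203.0.113.1 255.255.255.240
 ip policy route-map DMZ-VIA-T1
!
! Verify from exec mode:
!   show ip policy
!   show route-map DMZ-VIA-T1
```

Packets that hit the `deny` entry are not policy-routed and follow the normal routing table, so DMZ-to-internal flows are unaffected. The match counters in `show route-map` confirm that return traffic from the servers is actually being steered out the T1.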

TodirascuOvidiu
Level 1

The solution would be to use Zone Based Firewall; this is the new IOS firewall. The configuration is lengthy, but if you have experience with PIX/ASAs you will find it easy to learn.

http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f6dd.html

Thank you!
