09-08-2010 04:32 PM - edited 03-06-2019 12:53 PM
I have a Cisco 2821 with two Ethernet interfaces and one 8-port HWIC card.
One Ethernet interface has a public IP address (Untrust), and the other has the internal network 10.5.0.0/16 (Trust).
I plan to configure the 8-port card as a DMZ with multiple public IP addresses, and connect several web servers to be accessed from the internet. I had trouble doing it. Is this possible? And what is the right way to do it?
Thanks in advance, Keith
09-08-2010 04:41 PM
Hello,
You need to configure VLAN interfaces and assign the HWIC ports to specific
VLANs. Here is the configuration guide for configuring the HWIC card.
http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_hwic_ethsw_ic_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1027188
Hope this helps.
Regards,
NT
09-08-2010 05:49 PM
Thank you, Nagaraja and TodirascuOvidiu.
Cisco support helps out on this one:
In other words, traffic destined to the DMZ Server was coming in through the
T1 link on the DMZ and trying to go out the Out-Zone.
I configured PBR on VLAN1 to force the return traffic from the DMZ Servers out the T1.
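A sketch of the PBR fix described above, as an added example that is not part of the original thread and not Cisco support's actual configuration. The interface names, the route-map and ACL names, and all addresses (RFC 5737 documentation ranges) are assumptions; zone-based firewall membership is left out because the thread does not show it.

```cisco
! Added example. Assumed layout:
!   FastEthernet0/1/0  HWIC switch port with a web server attached
!   Vlan1              DMZ gateway, 203.0.113.0/24 (assumed DMZ public block)
!   198.51.100.1       provider end of the T1 (assumed next hop)
!
interface FastEthernet0/1/0
 description DMZ web server
 switchport access vlan 1
!
interface Vlan1
 description DMZ
 ip address 203.0.113.1 255.255.255.0
 ! Policy-route packets as they arrive from the DMZ servers
 ip policy route-map DMZ-RETURN
!
ip access-list extended DMZ-SERVERS
 ! deny = do not policy-route: traffic to the internal network
 ! keeps following the normal routing table
 deny   ip 203.0.113.0 0.0.0.255 10.5.0.0 0.0.255.255
 ! Everything else sourced from the DMZ is forced out the T1
 permit ip 203.0.113.0 0.0.0.255 any
!
route-map DMZ-RETURN permit 10
 match ip address DMZ-SERVERS
 set ip next-hop 198.51.100.1
!
! Verify that the policy is attached and matching packets:
!   show ip policy
!   show route-map DMZ-RETURN
```

Without the `deny` line, replies from the DMZ servers to hosts on 10.5.0.0/16 would also be sent toward the T1 instead of the Trust interface.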
09-08-2010 04:48 PM
The solution would be to use Zone Based Firewall; this is the new IOS firewall. The configuration is lengthy, but if you have experience with PIX/ASAs you will find it easy to learn.
http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f6dd.html
09-08-2010 05:50 PM
Thank you!