DMZ setup using Cisco 2811 Router

Answered Question
Aug 12th, 2011

Hello,

I am pretty new to the configuration of a DMZ and I have the task of setting one up.

I have a Cisco 2811 Router running Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3), 2 FE interfaces.

One FE is connected to the WAN, with a loopback interface configured with the public IP for Internet access in the office.

The other FE has 2 sub interfaces configured, one for data and the other for voice traffic.

Users within the office are configured to use the data VLAN to access the internet through the WAN.

Now we are setting up some new services and we need to have DMZs set up.

I want to set up 3 zones now that the different servers would reside in. How can I achieve this using the existing infrastructure I have?

I have an idea to create more subinterfaces and assign them to the zones, but I am still not sure how this would play out. I have been on this for the whole day and have been unable to make significant progress. Would appreciate any help and guidance whatsoever.

Regards,

Femi

Correct Answer by ajay chauhan about 2 years 8 months ago

OK, then you can go for another subinterface for the new VLAN, make it part of the DMZ, assign a new IP range, and use the ip inspect feature of firewalling.

This might help.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_implementation_design_guide09186a00800fd670.html

Ajay

femi.agboade Fri, 08/12/2011 - 11:01

Hi Ajay,

I intend to use the firewall module/add-on on the 2811 IOS for this purpose.

An ASA will be deployed much later towards the end of the year or Q1 2012.

Regards,

Femi

femi.agboade Fri, 08/12/2011 - 11:42

Hi Ajay,

Thanks for the suggestion and the link. Though I was looking for a more definitive step-by-step guide that could help me arrive at the goal faster. I'm not familiar with firewall rule setup, but will see what I can do tonight based on the URL you sent.

Thanks again.

Femi

femi.agboade Wed, 08/17/2011 - 08:10

Hi Ajay,

So what I did was to create multiple VLANs and corresponding Security Zones on the router. Each VLAN was assigned to a Security Zone. Using firewall rules, I restricted traffic between the VLANs to meet the specific need of what I needed to achieve.

Thanks for the heads up again.

Regards,

Femi
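
The approach described in the last post (one VLAN subinterface per security zone, with firewall rules between zones), sketched as an added example for one DMZ zone; it is not the poster's actual configuration. Interface names, VLAN IDs, addresses and all zone, class and policy names are assumptions, and NAT, the voice subinterface and the INSIDE-to-OUTSIDE policy for user Internet access are left out.

```cisco
! Constructed example: names, VLAN IDs and addresses are assumptions.
! Zones must exist before an interface can be made a member.
zone security INSIDE
zone security OUTSIDE
zone security DMZ-WEB
!
! One 802.1Q subinterface per zone on the LAN-facing FE port.
interface FastEthernet0/1.10
 description Data VLAN
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 zone-member security INSIDE
interface FastEthernet0/1.30
 description DMZ web servers
 encapsulation dot1Q 30
 ip address 10.0.30.1 255.255.255.0
 zone-member security DMZ-WEB
interface FastEthernet0/0
 description WAN
 zone-member security OUTSIDE
!
! Only HTTP/HTTPS to the one published server is allowed into the DMZ.
ip access-list extended ACL-WEB-SERVER
 permit ip any host 10.0.30.10
class-map type inspect match-any CM-WEB-PROTOCOLS
 match protocol http
 match protocol https
class-map type inspect match-all CM-TO-WEB-SERVER
 match access-group name ACL-WEB-SERVER
 match class-map CM-WEB-PROTOCOLS
!
! Inspect the permitted sessions statefully; drop and log everything else.
policy-map type inspect PM-TO-DMZ-WEB
 class type inspect CM-TO-WEB-SERVER
  inspect
 class class-default
  drop log
!
! Policy is applied per direction. A zone pair with no zone-pair
! statement is dropped, so DMZ-WEB cannot open sessions to INSIDE.
zone-pair security ZP-OUT-DMZWEB source OUTSIDE destination DMZ-WEB
 service-policy type inspect PM-TO-DMZ-WEB
zone-pair security ZP-IN-DMZWEB source INSIDE destination DMZ-WEB
 service-policy type inspect PM-TO-DMZ-WEB
```

Traffic between an interface that is a zone member and one that is in no zone is dropped, so every interface that must pass traffic needs a zone assignment before the policy goes live. Each additional DMZ zone repeats the same pattern with its own subinterface, zone and zone-pairs.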

Posted August 12, 2011 at 10:37 AM
Tags: dmz, firewall