I'm going to put a switch in our DMZ, so all it does is allow switching within the DMZ. It isn't going to have any direct links into the internal network. Now I've hit a snag in this plan.
Basically the DMZ has public ip addresses and are in VLAN 130,131,132. My question is if I create an interface for vlan 130 on the switch and then give it an ip address, it's going to need a public ip address for me to be able to reach it from my internal vlan. BTW the dmz and internal zones are separated via a pix 515e firewall.
My question is if I give the vlan 130 interface a private ip, e.g. 192.168.2.1, will I still be able to reach it, if say I put a route on the firewall to say 192.168.2.0 lies in the interface which has vlan130?
I hope this describes the situation in a clear way. Any further questions, please just ask.
You don't need a public IP on these switches to manage them from your internal VLANs. You have to either use static NAT from the inside interface to the DMZ interface for the 192.168.2.0 IP range or do a self static for the same IP range on the PIX DMZ interface. You have to use ACLs and routes on the PIX to allow the traffic from the DMZ to the inside VLANs and you should be able to get access to the switch.
Hi Dan, it's a bit unclear what you mean by "Basically the DMZ has public ip addresses and are in VLAN 130,131,132".
Do you have 3 separate DMZ interfaces on your PIX firewall then?
Amit is right in that you don't need to use a public ip address. You could use a private address but you would need to add an interface on your pix in that same subnet range to be able to access it if that makes sense.
If you can't do this then yes you will need a public IP address on the switch interface.