Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
332
Views
0
Helpful
2
Replies

DMZ using Cisco 1721 (all feature set) with WIC-4ESW 4 FastEthernet Switch

admin_2
Level 3
Level 3

‎04-20-2004 10:38 AM - edited ‎03-02-2019 03:07 PM

Hi,

Although i'm not a newbie to cisco devices, i find my self chasing my tail, trying to configure a dmz to my router using the WIC-4ESW ports as DMZs.

Can you give me directions or direct me to some publically available samples, this task sitting on my desk for already 3 months, with no success.

Labels:
0 Helpful
2 Replies 2

carenas123
Level 5
Level 5

‎04-26-2004 07:04 AM

For your case, you can configure your WIC-4ESW ports as DMZ's by configuring Context Based Access Control (CBAC) feature of Cisco IOS firewall on your INTERNAL intefaces i.e WIC-4ESW ports. Please refer the following document for more information and see example DMZ topology ( Figure 3 in the document).

http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a008008796f.html#15788

0 Helpful

Not applicable

‎05-02-2004 09:38 AM

I'm doing DMZ using VLANs, which the WIC-4ESW supports. Basically, you designate some of the switch ports to be in a different VLAN. Since you already have a 1721, you probably have something like FastEthernet 0, and then FastEthernet 1-4, which are the switch ports. You probably also have a Vlan 1 interface, which is the default.

Assuming you have a current Cisco IOS release, try something like this:

conf term

inter vlan 2 (or some unused vlan number)

ip address ...

...other interface options you like

...security options you like

^Z

conf term

inter fast 4 (port 4 on the switch, you can choose any unused port)

no ip address

switchport access vlan 2

exit

You can then treat vlan 2 as a different interface and anything on switch port 4 is connected to vlan 2. You can create access rules, CBAC rules, audit rules, uRPF, that govern how vlan 2 is used.

I haven't yet tried NAT that way, since there are then 3 interfaces and I'm not entirely sure how that'll be handled (you either need to specify an interface as being inside our outside).

Hopefully this gives you some ideas!

Devin Nate

0 Helpful
Customers Also Viewed These Support Documents