04-20-2004 10:38 AM - edited 03-02-2019 03:07 PM
Hi,
Although I'm not a newbie to Cisco devices, I find myself chasing my tail trying to configure a DMZ on my router using the WIC-4ESW ports as DMZs.
Can you give me directions or direct me to some publicly available samples? This task has been sitting on my desk for 3 months already, with no success.
04-26-2004 07:04 AM
For your case, you can configure your WIC-4ESW ports as DMZs by configuring the Context Based Access Control (CBAC) feature of the Cisco IOS firewall on your INTERNAL interfaces, i.e. the WIC-4ESW ports. Please refer to the following document for more information and see the example DMZ topology (Figure 3 in the document).
05-02-2004 09:38 AM
I'm doing DMZ using VLANs, which the WIC-4ESW supports. Basically, you designate some of the switch ports to be in a different VLAN. Since you already have a 1721, you probably have something like FastEthernet 0, and then FastEthernet 1-4, which are the switch ports. You probably also have a Vlan 1 interface, which is the default.
Assuming you have a current Cisco IOS release, try something like this:
conf term
! create the DMZ VLAN interface (use any unused VLAN number in place of 2)
interface vlan 2
 ip address ...
 ! ...other interface options you like
 ! ...security options you like
end
conf term
! port 4 on the switch; you can choose any unused switch port
interface FastEthernet 4
 no ip address
 switchport access vlan 2
exit
You can then treat vlan 2 as a different interface, and anything on switch port 4 is connected to vlan 2. You can create access rules, CBAC rules, audit rules, or uRPF that govern how vlan 2 is used.
I haven't yet tried NAT that way, since there are then 3 interfaces and I'm not entirely sure how that'll be handled (you either need to specify an interface as being inside or outside).
Hopefully this gives you some ideas!
Devin Nate
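As an added example (not configuration from Devin's post or from Cisco), here is a fuller version of the VLAN-based DMZ described above for an 1721 with a WIC-4ESW running the IOS Firewall feature set: FastEthernet0 faces the Internet, Vlan1 is the inside LAN, Vlan2 (switch port Fa4) is the DMZ, and a DMZ web server is published with static NAT. All addresses are constructed placeholders; the interface names and the assumption that IOS accepts more than one `ip nat inside` interface (so the three-interface NAT case is handled by marking both VLANs inside) are mine.

```cisco
! Constructed example: 1721 + WIC-4ESW. Outside = FastEthernet0,
! inside LAN = Vlan1, DMZ = Vlan2 (switch port FastEthernet4).
conf term
!
! Outside interface: NAT outside, CBAC inspection of outbound sessions,
! and an inbound ACL that only admits the DMZ server's published service.
! (Inbound ACLs on the outside interface see the pre-NAT global address.)
interface FastEthernet0
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
 ip inspect DMZ-FW out
 ip access-group FROM-INTERNET in
!
! Inside LAN (default VLAN 1)
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! DMZ VLAN: inbound ACL so a compromised DMZ host cannot open
! connections into the inside LAN, while still reaching the Internet.
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip access-group FROM-DMZ in
!
interface FastEthernet4
 no ip address
 switchport access vlan 2
!
! CBAC rule set: return traffic for inspected outbound sessions is
! opened dynamically through the FROM-INTERNET ACL.
ip inspect name DMZ-FW tcp
ip inspect name DMZ-FW udp
ip inspect name DMZ-FW icmp
!
! Publish only the DMZ web server (static NAT); PAT for the inside LAN.
ip nat inside source static 192.168.2.10 203.0.113.3
ip nat inside source list NAT-INSIDE interface FastEthernet0 overload
ip access-list standard NAT-INSIDE
 permit 192.168.1.0 0.0.0.255
!
ip access-list extended FROM-INTERNET
 permit tcp any host 203.0.113.3 eq 80
 deny ip any any log
!
ip access-list extended FROM-DMZ
 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 log
 permit ip 192.168.2.0 0.0.0.255 any
end
```

The `log` entries give you a record of anything the DMZ tries to send toward the inside LAN, which is the first thing to check if a DMZ host is ever compromised.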