
DMZ using Cisco 1721 (all feature set) with WIC-4ESW 4 FastEthernet Switch

Hi,

Although I'm not a newbie to Cisco devices, I find myself chasing my tail trying to configure a DMZ on my router using the WIC-4ESW ports as DMZs.

Can you give me directions or point me to some publicly available samples? This task has been sitting on my desk for 3 months already, with no success.


Re: DMZ using Cisco 1721 (all feature set) with WIC-4ESW 4 FastE

For your case, you can configure your WIC-4ESW ports as DMZs by configuring the Context Based Access Control (CBAC) feature of the Cisco IOS firewall on your INTERNAL interfaces, i.e. the WIC-4ESW ports. Please refer to the following document for more information and see the example DMZ topology (Figure 3 in the document).

http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a008008796f.html#15788


Re: DMZ using Cisco 1721 (all feature set) with WIC-4ESW 4 FastE

I'm doing DMZ using VLANs, which the WIC-4ESW supports. Basically, you designate some of the switch ports to be in a different VLAN. Since you already have a 1721, you probably have something like FastEthernet 0, and then FastEthernet 1-4, which are the switch ports. You probably also have a Vlan 1 interface, which is the default.

Assuming you have a current Cisco IOS release, try something like this:

conf term
interface vlan 2
! or any other unused VLAN number
ip address ...
! ...other interface options you like
! ...security options you like
^Z

conf term
interface fastethernet 4
! port 4 on the switch; any unused port will do
no ip address
switchport access vlan 2
exit

You can then treat vlan 2 as a different interface and anything on switch port 4 is connected to vlan 2. You can create access rules, CBAC rules, audit rules, uRPF, that govern how vlan 2 is used.

I haven't yet tried NAT that way, since there are then 3 interfaces and I'm not entirely sure how that'll be handled (you either need to specify an interface as being inside or outside).

Hopefully this gives you some ideas!

Devin Nate

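As an added example (not from either reply above, and not Cisco's own sample), here is how the VLAN-as-DMZ approach can be carried through with the access rules, uRPF and CBAC inspection Devin mentions, so that a DMZ host can reach the Internet but can never open a connection into the inside LAN. The addresses, the ACL and inspect names, and the inside LAN living on Vlan1 are assumptions; on many 1700-series images the VLAN itself must first be created from the "vlan database" prompt before "interface Vlan2" is accepted.

```cisco
! Assumed addressing: inside LAN 192.168.1.0/24 on Vlan1, DMZ 192.0.2.0/24 on Vlan2.
! uRPF below needs CEF switching enabled.
ip cef
!
interface Vlan2
 description DMZ segment (switch port Fa4)
 ip address 192.0.2.1 255.255.255.0
 ip access-group DMZ-IN in
 ip verify unicast reverse-path
 ip inspect DMZ-OUT in
!
interface FastEthernet4
 description DMZ host port
 no ip address
 switchport access vlan 2
!
! Traffic entering the router FROM the DMZ: never the inside LAN, otherwise
! anywhere. Denies are logged so a compromised DMZ host probing inward
! shows up in syslog.
ip access-list extended DMZ-IN
 deny   ip 192.0.2.0 0.0.0.255 192.168.1.0 0.0.0.255 log
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any log
!
! CBAC: sessions the DMZ opens outbound are tracked so only their replies
! are let back in. Exposing a service on the DMZ host to the Internet is a
! separate permit on the outside (FastEthernet0) inbound ACL, not part of this.
ip inspect name DMZ-OUT tcp
ip inspect name DMZ-OUT udp
```

Check the result with "show ip inspect sessions" while a DMZ host browses out, and with "show access-lists" to confirm the deny-and-log line is counting any inward attempts.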