Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member


I have a 1721 and a 1720 connected through their serial interfaces over a T1 connection. The internet is on the Fa0 interface of the 1721 and the Fa0 interface of the 1720 is in my LAN. Previous to this we had a Linksys router connected right to the internet. I had a server in the DMZ of that router so that when I hit the public IP address the server would respond.

Now that we've gone to this new set up I have lost the DMZ ability, Is there a way to configure these routers to either forward ports to a specific IP or to put an internal machine in the DMZ.

The way it would have to work if this is possible is to put the 1720 router in the DMZ of the 1721 and the internal machine in the DMZ of the 1720.

Is this possible.

Any configs or suggestions would be appreciated.


Re: DMZ?


AFAIU from your post both the routers are placed in the same LAN connecting to different locations via T1.

Also the 1721 is acting as the Gateway router for you to go out to the outside world.(Since you got to have the internet connection on the ethernet port of the 1721 router).

I feel you can deploy the necessary CBAC functionalities in this box (1721) in which the internet link is terminated and do a simple nat based on the port no.

if you are using up or hosting the service in the normal port (80) you can just map the port number of the internal server ip to your external public ip (either spare public ip or to your ethernet ip itself).

ip nat inside source static tcp x.x.x.x 80 y.y.y.y 80

x.x.x.x being your servers ip address and y.y.y.y being your public(external) ip address which can be reached from the outside world.

do replace the port values accordingly as per your current hosting service port nos there.

if this doesnt solve your purpose do revert back..


New Member

Re: DMZ?

Thanks for your reply. The set up would look as follows:


Will I have to put this static NAT on both routers?

Re: DMZ?


You dont need to have Static NAT configs on both the routers to get the acces for your server from the outside world.

Static NAT configs are required to be done in the 1721 router which is connected to the internet and you need to have connectivity to the Serve from the 1721 router.

From your previous mail i felt that both the routers are in same lan and connected with T1s to different locations.


CreatePlease to create content