Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Moving DMZ to a Vlan

Here is what I would like to do. I have 2 4006 switches w/L3. I would like to take the 4 devices on my dmz (Router, Pix, Altiga vpn concentrator, DNS server)currently on a flat hub, and move them to a vlan. Can I do this without causing a routing problem? Do I simply define the vlan and just not give it an ip address so that those machines do not have access to the network through the "DMZ vlan". Traffic would have to go through the other inside intrefaces to get anywhere. Or, am I missing something altogether....

Any info would be appreciated.

Mike

1 REPLY
New Member

Re: Moving DMZ to a Vlan

Mike,

You can create a new vlan ( e.g. vlan 99 ) and add four ports on your catalysts to that vlan. On the routing blade, do not add an Ip addess as you have said.

This would provide your DMZ on a private vlan.

However, you would still need to have connectivity from your internal network to this new MZ location which would replace the connection to your existing shared hub.

Is the PIX configured for one inside interface (which connects to your internal routed LAN) and a seperate outside interface for external traffic, as well as this DMZ you have created?

Please provide more config details of the topology layout if this does not answer your question.

Colin

107
Views
0
Helpful
1
Replies
CreatePlease to create content