Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

simple DMZ

Can anyone tell me how to set up a simple DMZ say for my exchange server on my cisco 1700 router , 2 ethernet interfaces, 1 connects to local lan !!




Re: simple DMZ


well usually DMZ is used in conjunction with internet access. But then you have LAN, DMZ, internet, which gives 3 interfaces (physical or logical). You do not mention internet, so did I get something wrong? What is your setup supposed to do?


Community Member

Re: simple DMZ

Do you have a firewall? If yes, then build the DMZ off a third interface of the firewall. If not, you could use your second ethernet interface to connect to a dedicated switch or configure a layer 2 vlan on exisiting switch meaning no routing is done on switch and configure the ports for this layer 2 vlan. Then connect your dmz device to these ports. You would use a seperate subnet for your dmz lan. Finally, create your ACLS to control access to and from the two LANS. again if you have no firewall.

Community Member

Re: simple DMZ

So can I use a loopback interface, or would I use a sub interface for this ?

Re: simple DMZ


Loopback interface is a logical interface most widely being used to keep the routing process alive though ur other links flaps or goes down.

You cant make use of loopback interface here for this purpose of creating a DMZ.

As already mentioned by previous posters you can have different VLANs and get the connected on the routers ethernet interface by configuring subinterface with different encapsulation under it.

By that you will be doing intervlan routing between the different vlans avaialable over the in ur local lan.

But again you need to have IP PLUS ios image in ur router to create different encapsulation under ur routers ethernet interface.

If u want to screen or filter the traffic being sent to the server then i would suggest to put the server in the normal lan itself and apply necessary restrictions using ACLs in the router.

Also harden the server with latest patches and also block the unused and unecessary ports which is kept open by default..


CreatePlease to create content