Cisco Support Community

Designing a DMZ

How are DMZs usually designed? Are the systems in the DMZ usually given a private IP address and the outward bound interface(s) on the firewall are assigned multiple public IPs to correspond with the internal machines?

OR...

Do people assign public IP addresses to machines inside their DMZ and just use their firewall as a filter, not so much address translation?

Thanks!

-ee99ee (cmiller@intellithought.com)

2 REPLIES

Re: Designing a DMZ

Generally devices on the DMZ are given private IPs and the firewall will NAT for them. NAT is so common now and fast that it introduces no delay. You also always want to hide your internal addressing scheme. You will also want to NAT between your inside and the DMZ (again, hide the addressing as much as possible).

In the case of the PIX, it is assigned one public IP on the outside interface and then you apply static NAT to map the public IP to the server on the DMZ. The interface only has the one IP but will respond (i.e. accept and forward) to packets destined for those servers on the DMZ.

Hope it helps.

Steve
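
The two designs discussed in this thread, as an added example that is not part of the original posts or any Cisco tooling: a small Python audit that reads PIX-style `ip address` and `static` lines and flags any published DMZ server that is not hidden behind a translated private address. The sample configuration is constructed (PIX 6.x syntax, documentation and RFC 1918 addresses), and the function name `audit_statics` is hypothetical.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x syntax (not from the thread); addresses are
# documentation and RFC 1918 ranges.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.2 255.255.255.248
ip address dmz 192.168.50.1 255.255.255.0
static (dmz,outside) 203.0.113.3 192.168.50.10 netmask 255.255.255.255
static (dmz,outside) 203.0.113.4 192.168.50.11 netmask 255.255.255.255
static (dmz,outside) 198.51.100.9 198.51.100.9 netmask 255.255.255.255
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IFADDR_RE = re.compile(r"^ip address (\w+) (\S+) (\S+)$")
# Field order: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask \S+")


def audit_statics(config):
    """Return {mapped_ip: [findings]} for every host static in the config."""
    nets, statics = {}, []
    for line in map(str.strip, config.splitlines()):
        if m := IFADDR_RE.match(line):
            name, addr, mask = m.groups()
            nets[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
        elif m := STATIC_RE.match(line):
            statics.append(m.groups())

    report = {}
    for real_if, mapped_if, mapped, real in statics:
        mapped_ip, real_ip = ipaddress.ip_address(mapped), ipaddress.ip_address(real)
        findings = []
        if mapped_ip == real_ip:
            findings.append("identity static: server address is not translated")
        if not any(real_ip in net for net in RFC1918):
            findings.append(f"{real_if} server has a non-RFC 1918 address")
        if mapped_if in nets and mapped_ip not in nets[mapped_if]:
            findings.append(f"mapped address is not in the {mapped_if} subnet")
        report[mapped] = findings
    return report


if __name__ == "__main__":
    for mapped, findings in audit_statics(SAMPLE_CONFIG).items():
        print(mapped, "OK" if not findings else "; ".join(findings))
```

The first two statics follow the private-address-plus-static-NAT design and produce no findings; the third models the "public addresses in the DMZ, firewall as filter only" alternative and is flagged.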


Re: Designing a DMZ

Thank you, that is exactly what I was wanting to know. Answers my question exactly! :-)

-ee99ee (cmiller@intellithought.com)
