Cisco Support Community

nat or dmz interface

I have a server which is located inside interface a two layer firewalled intranet of a large corporate network. I would like to make this server accessible from the Internet. What would be the best practice for providing public access to an intranet server? Using another interface on the server which is connected to a DMZ, or NATing its local address directly to a public address?

Any help or suggestions would be much appreciated. Thanks,

turkeer

1 REPLY

Re: nat or dmz interface

Hi,

Your intention is to allow outsiders to access your internal server in a double-layer firewall setup.

Talking about best practice, for security reasons, you should relocate the server out of your internal network and put it into a DMZ. From here, map the server's DMZ IP to a public IP to allow Internet users to come into the server via permitted services. If this server needs to communicate with other internal servers, use ACLs to open and control access/service type.

Allowing outsiders to directly access your internal server, especially for a large corporate network, is a bit risky, as should any Internet user (or hacker) manage to find a way to hack into that server, he/she has a better opportunity to do more damage to your network/system.

Please read the Cisco SAFE Blueprint, specifically for larger/enterprise corporate network environments, at:

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_package.html

Using dual NICs is possible, but again, it will still open a loophole into your internal network.

Rgds,

AK
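
The design described in the reply above, sketched as a firewall configuration. This is an added example, not part of the original thread; it assumes a Cisco ASA running 8.3 or later (the thread does not name the platform), and every interface name, address, object name and port in it is constructed for illustration.

```cisco
! Added example. Assumed platform: Cisco ASA 8.3+ (object NAT syntax).
! All names, addresses and ports below are constructed placeholders.
!
! DMZ segment sits between outside (security-level 0) and inside (100).
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
! The relocated server: its DMZ address is statically mapped to one public IP.
object network DMZ-WEB
 host 10.10.10.10
 nat (dmz,outside) static 203.0.113.10
!
! The one internal server the DMZ host needs to reach (assumed: a database).
object network INSIDE-DB
 host 10.1.1.20
!
! Internet -> DMZ: only the permitted service (assumed: HTTPS).
! On 8.3+ the ACL references the real (DMZ) address, not the mapped one.
access-list OUTSIDE-IN extended permit tcp any object DMZ-WEB eq https
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! DMZ -> inside: one host, one port; everything else the server initiates
! is dropped and logged, so a compromised server has no free path inward.
access-list DMZ-IN extended permit tcp object DMZ-WEB object INSIDE-DB eq 1433
access-list DMZ-IN extended deny ip any any log
access-group DMZ-IN in interface dmz
```

Because the firewall is stateful, replies to permitted inbound HTTPS sessions still leave the DMZ even though DMZ-IN denies server-initiated traffic; hits on the logged deny lines are the signal to watch for a server attempting connections it should never make.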
