New Member

SA 520w-k9 (DMZ help)

Hi!

I'm trying to set up a DMZ so we can have a web server running in that zone. I have followed the instructions from the installation guide. We use the optional port, set it to DMZ mode, use the IP numbers from the guide (172.16.2.1), and have set up a temporary computer to test this. We don't get any contact with the router from the test computer. With this config we have set up a rule in the firewall to allow all traffic from the DMZ zone to WAN, and the DMZ has an external IP.

We use FW: 1.0.15. Don't know if it's going to help to upgrade; need some advice first.

I know there are a lot of experts out there that can give me some advice...

Tom

8 REPLIES

Re: SA 520w-k9 (DMZ help)

Hi Tom,

In the router you need to have a reverse route for the DMZ subnet towards the firewall, and in the firewall just drop a default route towards the router interface.

As you have opened an any-to-any rule in the firewall for both interfaces, routing needs to be done; just configure the above route and see whether you are able to reach the DMZ subnet or not.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

New Member

Re: SA 520w-k9 (DMZ help)

Thank you for your answers! I will try the above. Sorry about my poor understanding of English; is there any way you can explain the above in an easier way? I have downloaded the latest FW and will upgrade the router soon, but that was not that easy when all the settings vanish and you must manually re-enter the settings.

best regards Tom

Re: SA 520w-k9 (DMZ help)

Hi Tom,

I have taken the following diagram in my mind: Router -- SA520 -- DMZ (Port) -- Host. If yes, then you need to check the routing table configuration on both the router and the SA520.

In the router you need to drop a route for the DMZ subnet towards the SA520-connected interface, and in the SA520 you need to drop a default route towards the router-connected interface. With policy ip any to any you will be able to ping the host in the DMZ from the router interface.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

New Member

Re: SA 520w-k9 (DMZ help)

Thanks again, but I have only one router. Sorry if I have been a little unclear..

Tom

Re: SA 520w-k9 (DMZ help)

Can you paste a diagrammatic view of your network architecture?

Ganesh.H

New Member

Re: SA 520w-k9 (DMZ help)

Right now, there is just one single computer connected to the router SA 520w, trying to connect over the DMZ. The client is connected to the Optional port on the router, and no matter what I do the client and the router can't make any connection. Like you said, when there is a connection you will be able to ping the router. And the setting for the DMZ is to act like a DHCP, but the client doesn't get any IP. I have tried the other way around with specific IPs, but with the same result.

Tom

Cisco Employee

Re: SA 520w-k9 (DMZ help)

You really need to update. There have been several firmware updates with new features and fixes since 1.0.15.

Latest 1.1.42

Or try to get the beta release here:

A Release Candidate (RC1) build for the SA 500 is now available for Cisco customers and partners to evaluate. If you are an interested customer/partner, you can obtain an early build of the firmware by sending an email to: sa500-mr2-rc1@cisco.com with your Cisco.com User ID in the subject line of the email. You will then receive an email notification with instructions on how to download the firmware.

by Cindy Toy at Jun 25, 2010 6:21 PM

Cisco Employee

Re: SA 520w-k9 (DMZ help)

1) you need to upgrade at least to the latest official firmware, 1.1.42

2) you need to change the OPTIONAL PORT MODE role to DMZ

3) in "DMZ Config" give the port a valid IP address and subnet: 172.16.2.0/255.255.255.0

4) in "DMZ Config" change DHCP mode to "DHCP server"

at that point my PC gets an IP address (172.16.2.100) from the SA500 (if yours doesn't, check firmware, cable, PC settings etc.)

5) to use a web server at this IP address I added the following firewall rule

6) when I browse to http://wanaddress from the internet it works.

let me know what you want to reach from inside the DMZ to which zone
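An added example, not part of the thread and not Cisco code: a small check of the test PC's IPv4 settings against the DMZ subnet from steps 3 and 4, which separates "no DHCP lease" from a bad static address. It assumes the DMZ port sits at 172.16.2.1 (the address from the original post) and acts as the PC's gateway; the sample readings are constructed.

```python
import ipaddress

# From the thread: DMZ subnet 172.16.2.0/255.255.255.0, DMZ port at 172.16.2.1.
DMZ_NET = ipaddress.ip_network("172.16.2.0/255.255.255.0")
DMZ_PORT_IP = ipaddress.ip_address("172.16.2.1")  # assumed to be the PC's gateway
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned, no DHCP answer


def diagnose(client_ip, client_mask, gateway):
    """Return findings for the test PC's IPv4 settings; an empty list means OK."""
    if not client_ip:
        return ["no IPv4 address: check cable, Optional Port mode and DHCP mode"]
    ip = ipaddress.ip_address(client_ip)
    if ip in LINK_LOCAL:
        return [f"{ip} is self-assigned: no DHCP offer reached the PC"]
    if ip not in DMZ_NET:
        return [f"{ip} is outside {DMZ_NET}: wrong port, wrong zone or static typo"]
    findings = []
    if ip in (DMZ_NET.network_address, DMZ_NET.broadcast_address):
        findings.append(f"{ip} is the network or broadcast address, not a host")
    elif ip == DMZ_PORT_IP:
        findings.append(f"{ip} duplicates the DMZ port address")
    if client_mask:
        seen = ipaddress.ip_network(f"{client_ip}/{client_mask}", strict=False)
        if seen != DMZ_NET:
            findings.append(f"mask {client_mask} gives {seen}, expected {DMZ_NET}")
    if not gateway:
        findings.append("no default gateway: the PC can reach only the DMZ subnet")
    elif ipaddress.ip_address(gateway) != DMZ_PORT_IP:
        findings.append(f"gateway {gateway} is not the DMZ port {DMZ_PORT_IP}")
    return findings


# Constructed sample readings, as they would be copied from ipconfig/ifconfig.
SAMPLES = [
    ("172.16.2.100", "255.255.255.0", "172.16.2.1"),   # the lease seen in the thread
    ("169.254.10.20", "255.255.0.0", None),            # DHCP got no answer
    ("172.16.2.0", "255.255.255.0", "172.16.2.1"),     # static: network address
    ("172.16.2.50", "255.255.0.0", "172.16.2.254"),    # static: bad mask and gateway
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], "->", diagnose(*sample) or "OK")
```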
