Now we finaly upgraded to latest fw .42 and tryin to setup DMZ network using IP alias. I am going through the pdf manual with the two public IPs. We have a webserver on the DMZ network running (Win server 2003) but when we try to (From LAN) http://adress.to.webserver then we always end up in the routers login-page! From outside LAN it cant find the adress. I have tryed a lots of different settings but everytime ending up with the loginscreen of the router? However when I try the ftp everything working ok.
When we from LAN type the numeric IP to the server its OK..
Settings right now:
DMZ port 172.16.2.1
IP 172.16.2.30 (defined in the router)
We have an DNS server running @ 192.168.10.1
We have setup some rulez in the firewall pointing at the public IP allowing FTP and HTTP and full access from LAN to DMZ
# Nr 2
We have a VPN tunnel up and running (Site to Site) with a preshared key. The connection drops very often (2-3 days interval) and the only thing to do is to reboot the router! When the connection is dropped and you look at the staus page is still say that the connection is Established, when its not. So its very confusing and I dont know how to find the problem causing the connection drop.
We have to of these routers and not very pleased, often the access to internet just drop and only thing is to reboot router and its good to go for maybe if your lucky a week..
I have now the latest fw, but still the same isue with the DNS settings of the DMZ, Can someone tell me the settings for DNS? shall Enable DNS Proxy be checked? We have an dedicated DNS server running on our network. And what about the settings in the webserver network config?
It seems to me that the server name is not being resolved to its WAN IP address. From what I can tell from your comments when you look for "http://www.myserver.mydomain.com" it is being resolved to the IP of the WAN interface, which would launch the router's login page. You need to have the URL "http://www.myserver.mydomain.com" resolve to your 2nd WAN IP address (the ALIAS). You may need to contact the vendor where your domain names are registered to add your new server information.
That should take care of external access of your website.
Now for LAN access to the server by name, you can accomplish this by using what is known as split-brain DNS, or by creating a forward lookup zone called myserver.mydomain.com, then add a Host (A) record with a name "www" and the internal DMZ IP address of the server. Your LAN users will be able to access your webserver by "http://www.myserver.mydomain.com"which resolves to the DMZ IP address. However, your LAN users must use your LAN DNS or they will go to the WAN to resolve "http://www.myserver.mydomain.com".
As far as Proxy DNS, you can enable it on the DMZ interface if and only if the computer on DMZ must resolve names through your service provider's DNS.
Hope this helps you out.
Do let us know if you have issues with connection drops.
Hi every one!!!When you are configuring a remote VPN connection, there
are some steps that are lost on the path. Here you can see those steps.
A) In your Cisco device: 1. Ensure you don´t have any rule denying the
traffic between the device and the remote...
Introduction: This document describes how to connect SG300 with Catalyst
switch via STP. Spanning Tree Protocol (STP) is a Layer 2 protocol that
runs on mainly on switches. The specification for STP is IEEE 802.1D.
The main purpose of STP is to ensure tha...
You have a Cisco Unified Communications Manager (CUCM) system and want
to configure a SPA112 analog telephone adaptor (ATA) to register to the
CUCM so that you can use up to two analog phones or similar FXS devices
with the CUCM.In this application note, ...