Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Creating a DMZ

Status
Not open for further replies.
JasonPartridge

JasonPartridge

Technical User
May 31, 2000
9
US
Hello,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;My supervisor and I are attempting to set up a &quot;DMZ&quot; outside of our firewall.&nbsp;&nbsp;here's our set up:<br>Cisco 2901 router<br>Watchguard FireBox II Plus<br>Cisco Etherswitch 1400 (old 10Mb switch) Currently empty.<br>Cisco Catalyst 2900 (fully pupulated)<br>Cisco Catalyst 2900 (fully pupulated)<br>Generic 10Mb hub.<br><br>We were thinking of using the old Cisco Es1400, to create our DMZ (jack the Eth interface from the router into the switch, jack the firebox into the switch, and then anything we want outside the Firewall into the switch as well.&nbsp;&nbsp;Problem is that when we attempt that, it works, kind of... we can see the I-net from within the LAN, and the rest of the world can see everything, except the systems that are jacked into the Cisco 1400!!!<br><br>HELP<br><br>Jason<br>
 
Sort by date Sort by votes
Jason,<br>You really didn't say how everything is connected together.<br>The router (perhaps a Cisco 2501) should be your connection to the internet. The Firebox (firewall) should have three interface cards. 1 outside, 1 inside, 1 DMZ.&nbsp;&nbsp;The DMZ port should connect to the switch and the switch to all systems sitting within the DMZ.&nbsp;&nbsp;The outside port should connect to the router and the router to the internet.&nbsp;&nbsp;The firewall needs to be set up so it knows how to pass traffic.&nbsp;&nbsp;Most of the systems in the DMZ should be doing some sort of proxying to truly do what they are suppose to and that is to provide a place for external users to attach to without actually letting them on the network.&nbsp;&nbsp;Anyhow, this is the way it should be done.&nbsp;&nbsp;If your firewall only has 2 nic cards you are really just hanging them outside because the firewall isn't protecting them at all.&nbsp;&nbsp;What systems can you ping from the systems off that switch?&nbsp;&nbsp;If you can ping the connections off the switch it sounds like you need to add a route somewhere either the firewall or the router so they can no where to send the replies back to.&nbsp;&nbsp;I hope this helps<br><br>Rob
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jarod_paris
  • Locked
  • Question
firmware for an AP2800 WiFi terminal
Replies
0
Views
233
jarod_paris
jarod_paris
Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
180
Zero6
Zero6
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat 1
Replies
1
Views
457
BIS
BIS
inlsp05
  • Locked
  • Question
2811&amp;2960 48 volts wiring diagram
Replies
1
Views
228
BOKA
BOKA
NavinNet
  • Locked
  • Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
111
NavinNet
NavinNet

Part and Inventory Search

Sponsor

Back
Top