Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

need dmz setup help please! 2

Status
Not open for further replies.
cahelmster

cahelmster

MIS
Jan 15, 2002
126
When adding a DMZ, do you need 2 NICs on the server that will be connected to the DMZ?

Do I have to set a NAT, ROUTE, and/or GLOBAL command for the new DMZ interface? The DMZ will host an SMTP server that receives Internet email and sends out interoffice email.

All I want to do is move an existing SMTP server from the INSIDE interface to the DMZ interface...

Any help is appreciated!
 
Sort by date Sort by votes
Why would you need two NIC's?? Just connect a switch or a hub to the DMZ interface on the fw and then patch your SMTP server into that!

Or, patch the server into the DMZ port directly with a crossover cable. I recommend the switch!

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
Upvote 0 Downvote
Being sort of new to firewalls, I can see where the DMZ interface would be effective if I ran the crossover cable directly from the DMZ card to the server, but how could connecting the DMZ card to a switch or hub provide the extra DMZ security like the crossover setup? The switch option is essentially what I'm doing now...having outside SMTP traffic go through the network to get to the SMTP server...

I want to isolate the SMTP server so that outside email will not have to travel across the network to get to the SMTP server....outside requests will go straight from the firewall off to the server...

C
 
Upvote 0 Downvote
Hi,
Im running crossover cables between my firewall and servers. I only have one server behind my dmz so there is no need for a switch. A switch is just a smart hub. Just directs traffic. HOwever I would not suggest using a hub. Switches are not sniffable yet hubs are. Most people have more than one server behind the dmz. If there is more than one server then you need a switch or router/etc.

I hope this helps and doesn't confuse the heck out of you.
 
Upvote 0 Downvote
I see now why the switch option may be necessary...thanks for all responses...it's been a big help! :)
 
Upvote 0 Downvote
Using PIX 515ur, 6 interfaces, in Stateful failover... how would you hookup your DMZ to it? Multiple servers.
 
Upvote 0 Downvote
Patch both DMZ ports (one on each PIX) to your DMZ switch.

Chris. ************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
Upvote 0 Downvote
Could I use a hub? Right now that is all I have.

Or, I have 2 catalyst 6000 series switches with 9 blades on each, both with gig blades also. Could I use it? If so, how? Set the DMZ ports to its own VLAN?

thank ya
 
Upvote 0 Downvote
Yes, you could create a VLAN for your DMZ. No problems with that!

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
695
Sameer258
Sameer258
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
161
PauS0n
PauS0n
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
651
intel233
intel233
tklamb
  • Locked
  • Question
ACL help
Replies
0
Views
134
tklamb
tklamb
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
195
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top