Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to create a network with DMZ ??

Status
Not open for further replies.
winsonlee

winsonlee

Technical User
Oct 4, 2002
4
AU
How can i create a network with DMZ ??

pc 1 ==> switch 1 ( ==> switch 2 ==> vpn concentrator ==> pix 525 ==> router ==> internet (IP VPN)
pc 2 ==>
pc 3 ==>

all the server will be connected to switch 2.
mail server ==> switch 2 ==> vpn concentrator ==> pix 525 ==> router ==> internet (IP VPN)
web server ==>
data server ==>

all the server and switch 2 will be in the Demilitarized Zone. is there anything wrong wif the design ?? how can i improve on this network design ?? what router can i used to connect to the internet if i am using IP VPN service frm the ISP ??
 
Sort by date Sort by votes
If switch 1 is just patched into switch 2 then are you using VLANS? If not then you do not appear to have a DMZ if I understand your setup correctly.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote
if i am not using VLAN, what are the changes that i need to make to my existing design ???
 
Upvote 0 Downvote
It all depends. What model Pix do you have?

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote
In that case you can set up another interface to be a DMZ.


Internal_Net --- [------Firewall ----] ----Ext_Router
| |
| |
Server_DMZ1 VPN_Concentrator_DMZ2

You can set up multiple interfaces on the 525 with different security levels. Your outside is sec0 and the inside is sec100 and all the other interfaces will be inbetween. Each DMZ will be on a different subnet.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote

(pc1, pc2, pc3) ===> switch 1 ===> Firewall ===> External Router

DMZ
---
(server1, server2, server3) ===> switch 2 ==> Firewall ==> External Router

VPN Concentrator ===> Firewall ==> External Router

is this how the design should looks ???


 
Upvote 0 Downvote
Your diagram isn't very clear but the basic idea is that your PC's and your servers sit on different interfaces on the firewalls. The VPN concentrator can sit either parallel with the firewall or on an other firewall interface.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Miluis
  • Locked
  • Question
How necessary is an antivirus?
Replies
3
Views
305
Rick998
Rick998
Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
809
Johnkite
Johnkite
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
344
hairlessupportmonkey
hairlessupportmonkey
acabezas2014
  • Locked
  • Question
Configuring ASA for Network Segmentation
Replies
1
Views
403
acabezas2014
acabezas2014

Part and Inventory Search

Sponsor

Back
Top