Your basic configuration looks like it will work just fine, Mo, except for a
few details that you'll want to implement - you have default pointed to
s1/0:0, and the DMZ is behind fast0/0 somewhere.
To avoid asymmetrical routing, you'll want anything that comes in via s1/1:0
to go back out s1/1:0 - therefore, find a solution to re-route traffic
properly - possibly a route-map that sends the x.x.252.0 0.0.0.255 outbound
traffic to the s1/1:0 interface.
You also want to add an access list to the s1/0:0 interface that reflects
the security policy of the customer - minimally restricting ICMP and only
allowing the services that are required into the Corporate network, a
pre-firewall firewall.
-e-
----- Original Message -----
From: Moahzam Durrani
To:
Sent: Wednesday, April 11, 2001 12:49 PM
Subject: 2600 help , dmz, [7:256]
> We have a 2620 with two built-in DSU/CSUs. At the moment we are using 1 T1
> from an ISP for internet access. We have another T1 available from a
> different ISP. We want to hang some servers on our DMZ so that anyone
> outside could access a web server. I am using RIP as a protocol. My concern
> is that I hope users inside will not experience problems browsing the
> internet, i.e. there won't be confusion for routing between the two ISPs.
> Corporate users should not browse the net through serial 1/1. Oh yeah, the
> IP address configured for the DMZ has a network address of x.x.252.0
> 255.255.255.0. Below is a config; is something missing? If anyone could
> suggest anything, please let me know, I'd appreciate it.
>
>
>
>
> controller T1 1/0
> framing esf
> linecode b8zs
> channel-group 0 timeslots 1-24 speed 64
> description T1 TO CONCENTRIC
> !
> controller T1 1/1
> framing esf
> linecode b8zs
> channel-group 0 timeslots 1-24 speed 64
> description T1 to FIRST INTERNET ALLIANCE
> !
> !
> interface FastEthernet0/0 (corporate)
> ip address x.x.245.1 255.255.255.0
> no ip directed-broadcast
> no ip mroute-cache
> speed 100
> full-duplex
> !
> interface Serial1/0:0
> description concentric
> ip address z.z.z.56 255.255.255.0
> no ip directed-broadcast
> encapsulation ppp
> no fair-queue
> !
> interface Serial1/1:0 (to be used for DMZ servers only)
> description FIRST INTERNET ALLIANCE
> ip address a.a.a.26 255.255.255.252
> no ip directed-broadcast
> encapsulation ppp
> no shutdown
> !
> router rip
> network x.x.0.0( corporate network)
> network y.y.y.0 (another network )
> network z.z.z.0 ( the concentric isp network)
> network a.a.a.0 (new ISP Network for DMZ servers)
> !
> no ip classless
> ip route 0.0.0.0 0.0.0.0 Serial1/0:0
> ip route x.x.0.0 255.255.0.0 x.x.245.10
> Mo Durrani
> IS&T
> WYSE\EDS
> phone:408-473 1246
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=470&t=256
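
The two suggestions in the reply at the top of this thread (a route-map that sends DMZ-sourced traffic back out s1/1:0, and a restrictive inbound access list on s1/0:0), sketched as IOS configuration. This is an added example, not part of either message. The ACL numbers, the route-map name, the use of FastEthernet0/0 as the interface where DMZ traffic enters the router, and the permitted services are assumptions; x.x stands for the masked addresses used in the thread.

```cisco
! --- Policy routing: DMZ sources leave via the second ISP ---
! Traffic from the DMZ to the corporate network is excluded so it is
! still routed normally instead of being pushed out the serial link.
access-list 101 deny   ip x.x.252.0 0.0.0.255 x.x.0.0 0.0.255.255
access-list 101 permit ip x.x.252.0 0.0.0.255 any
!
route-map DMZ-OUT permit 10
 match ip address 101
 set interface Serial1/1:0
!
! Policy routing acts on packets arriving on an interface, so it is
! applied where DMZ traffic enters the router (assumed: FastEthernet0/0).
interface FastEthernet0/0
 ip policy route-map DMZ-OUT
!
! --- Inbound filter on the corporate Internet link ---
! Return traffic for sessions opened from inside.
access-list 110 permit tcp any x.x.0.0 0.0.255.255 established
! ICMP limited to the replies and errors needed for outbound use.
access-list 110 permit icmp any x.x.0.0 0.0.255.255 echo-reply
access-list 110 permit icmp any x.x.0.0 0.0.255.255 unreachable
access-list 110 permit icmp any x.x.0.0 0.0.255.255 time-exceeded
! DNS answers to inside resolvers (assumed to be a required service).
access-list 110 permit udp any eq domain x.x.0.0 0.0.255.255
! Any further services the customer's policy requires go here.
! Everything else is dropped and logged.
access-list 110 deny   ip any any log
!
interface Serial1/0:0
 ip access-group 110 in
```

The `established` keyword only checks for the ACK or RST bit, so this is a stateless pre-filter in front of the real firewall, not a replacement for it.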