That would depend on how you have your DMZ
setup. If you have a full class C from your ISP or
enough address and you have subnetted it, you
shouldn't need to. You would need to verify that
the mask being used on the router is correct - don't
mask at the router like you do on the fw.
If your NATting with one of your public addresses,
then you may need to just add an ARP statement
to the fw for the NATted IP.
If you have a completely different network than that
of your public side and it's publicly routable, then
you would have to perform the following.
Do the following from the 'enable'd prompt.
conf t
ip route d.d.d.d m.m.m.m {external fw IP}
end {or CTRL-Z}
Where 'd' is the DMZ network IP and 'm' is the local mask.
If this works, then you might want to consider saving that
so it's always there after a router restart.
Robert
- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "MIS" <[EMAIL PROTECTED]> 11/17/00 6:34:15 PM >>>
>
>Can anybody tell me what command on the cisco router
>to add a route so that Internet users can look
>for server in our DMZ through external interface of the FW-1?
>
>Already try the following command
>#set route [destination] [source] [metric]
>
>but it did not work? unknown command !!!!
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
