Re: [fw-wiz] NAT cruddiness
I don't know the routing for the VLANs, so I will assume they have
a layer 3 switch or router in place to determine these are going to
the DMZ. The DMZ only needs a route (i.e. static) for the policies or
ACLs on whatever box this DMZ is on. You will need to give access from
VLAN C to VLAN B via the policy or ACL in the DMZ. Now traditionally
the object is just the way of pre-programming the networks you want
and then you can add them to your policy by name or IP. Your policy
should read something like: access-list permit VLANB_VLANC ip host
172.16.20.1 255.255.255.255 host 172.16.30.1 255.255.255.255. This is
a common Cisco ACL. You may have to work with it, as it is late and I
am pulling the ACL from memory.
On Jan 30, 2007, at 8:08 PM, J. Oquendo wrote:
> Hey all, trying to help someone with an idiotic VLAN/DMZ issue:
> Breakdown: Admin has the following:
> NetworkA 172.16.20.1 (VLAN B)
> MachineA 172.16.20.5 (Windows)
> NetworkB 172.16.30.1 (VLAN C)
> MachineB 172.16.30.2 (Windows 2003)
> Supposedly Machine is thrown in a DMZ and they want to be able to
> create an object of sorts to do forwarding: e.g.:
> Object = 172.16.20.250 --> Redirects to MachineB
> Easiest fool-proof method? I don't know enough about their topology
> to know what their VLAN trunking is, nor their rules.
> ==================================================
> J. Oquendo
> sil . infiltrated @ net http://www.infiltrated.net
> The happiness of society is the end of government.
> John Adams
> firewall-wizards mailing list
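As an added illustration (not from either poster), here is one way to express the object and rule the thread describes in Cisco ASA 8.3+ object-NAT syntax; the interface names "inside" (VLAN B side) and "dmz" (VLAN C side) are assumptions, the addresses are the ones given above.

```cisco
! Added example, not from the thread: ASA 8.3+ syntax.
! Assumed interface names: inside = VLAN B side, dmz = VLAN C side.

! Objects for the two hosts named in the thread
object network MachineA
 host 172.16.20.5
object network MachineB
 host 172.16.30.2
 ! Static NAT: MachineB appears as 172.16.20.250 on the VLAN B side
 nat (dmz,inside) static 172.16.20.250

! Permit only MachineA to reach MachineB. On 8.3+ the ACL is written
! against the real (untranslated) address 172.16.30.2, not the mapped
! 172.16.20.250. Narrow "ip" to the required tcp/udp ports once known.
access-list VLANB_VLANC extended permit ip host 172.16.20.5 host 172.16.30.2
access-group VLANB_VLANC in interface inside
```

Verify the translation with "show nat detail" and the rule hit counts with "show access-list VLANB_VLANC" after a test connection from MachineA.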