Firewall Wizards mailing list archives
Re: NAT cruddiness
From: Chris Myers <clmmacunix () charter net>
Date: Tue, 30 Jan 2007 22:43:49 -0600
J. Oquendo,

I don't know the routing for the VLANs, so I will assume they have a layer 3 switch or router in place to determine these are going to the DMZ. The DMZ only needs a route (i.e. static) for the policies or ACLs, whatever box this DMZ is on. You will need to give access from VLAN C to VLAN B via the policy or ACL in the DMZ.

Now traditionally the Object is just the way of pre-programming the networks you want and then you can add them to your policy by name or IP. Your policy should read something like:

    access-list permit VLANB_VLANC ip host 172.16.20.1 255.255.255.255 host 172.16.30.1 255.255.255.255

This is a common Cisco ACL. You may have to work with it, as it is late and I am pulling the ACL from memory.

Thanks,
Chris

On Jan 30, 2007, at 8:08 PM, J. Oquendo wrote:
Hey all, trying to help someone with an idiotic VLAN/DMZ issue:

Breakdown: Admin has the following:

NetworkA 172.16.20.1 (VLAN B)
MachineA 172.16.20.5 (Windows)
NetworkB 172.16.30.1 (VLAN C)
MachineB 172.16.30.2 (Windows 2003)

Supposedly Machine is thrown in a DMZ and they want to be able to create an object of sorts to do forwarding, e.g.:

Object = 172.16.20.250 --> Redirects to MachineB

Easiest fool-proof method? I don't know enough about their topology to know what their VLAN trunking is, nor their rules.

--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net
http://www.infiltrated.net

The happiness of society is the end of government.
John Adams

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- NAT cruddiness J. Oquendo (Jan 30)
- Re: NAT cruddiness Chris Myers (Jan 31)