Network Setup (NAT vs static route)
- From: bthetford <brandon@xxxxxxxxxxxxx>
- Date: 30 May 2007 15:48:43 -0700
I have some questions regarding NAT vs static routing.
Here is the physical setup:
LAN-------ROUTER-------INTERNET
|
|
DMZ
Router is an 1811
Both servers in DMZ (call them DMZ1 and DMZ2) have at least 2 NICs
We have three public IP addresses
Right now, this is the logical setup:
LAN uses 10.0.0.0/21
DMZ uses 10.0.8.0/21
Router is 10.0.3.1
Router's FE0 is A.A.A.A and A.A.A.A is also dynamic NAT for LAN
B.B.B.B is static NAT to DMZ1
C.C.C.C is static NAT to DMZ2
So, the question is this:
Would it be better to just use static routes for the DMZ?
If not, what is the advantage to using NAT in the DMZ rather than
static routes?
I had tried static routes before, and it solved the problem of needing
split dns for internal/external access to the DMZ.
One thing that strikes me as odd is that, using NAT, the router is the
endpoint of any trace to DMZ1 or DMZ2, when, in my mind, it should
simply be a hop between them.
Would it also be advisable to set up a separate VLAN for the DMZ, as
well?
.
- Prev by Date: Network Setup (NAT vs static route)
- Next by Date: Re: PIX 501 - Port Redirection
- Previous by thread: Network Setup (NAT vs static route)
- Next by thread: Network Setup (NAT vs static route)
- Index(es):
Relevant Pages
|
