Hello, I have a fairly complex question and am looking for some input.....
I have the following environment to work with....
      WAN            INet
       |              |
       |              |
LAN----|   Firewall   |----DMZ
       |______________|
As you can see I have four distinct interfaces.... The WAN is via a Cisco
7000, the INet is via a Cisco 25xx.
Essentially, we do not trust the WAN and do trust our LAN (Silly us!)
The idea is to use NAT for clients outbound, as well as for inbound traffic to
some servers. In addition to the above diagram, I was thinking of dial-in
access on yet another segment (NIC) on the firewall.
Here are some of the questions:
1. Is a DMZ really needed IF you use NAT?
2. I would like to NOT use NAT in the DMZ, yet if you assume I get a
class C, and my Ethernet interface on the Cisco 25xx and the Firewall side
connecting to it have addresses in the Inet class C range, what's the
easiest way to break up the address space??
i.e.  a.b.c.x (Ether of Inet router)
      a.b.c.x (Firewall connected to router)
LAN/WAN - e.f.g.x -- j.k.l.x
DMZ ----- would like to use addresses from the range provided by ISP,
          a.b.c.x
Could I just do subnet masking???
The reasons I would prefer to stay away from NAT for the servers....
1. It would make configuring DNS and Mail servers easier.
2. It would make routing tables easier.
3. It would be easier to maintain and understand!
Thanks,
Rick Hardy
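As an added worked example (not part of the original post), here is one way to answer "could I just do subnet masking?": carve the single ISP-assigned class C into a /25 for the un-NATed DMZ and a /30 point-to-point link for the router-to-firewall Ethernet, then check which segment a given address lands in. The block 192.0.2.0/24 is a constructed stand-in for the post's a.b.c.0/24, and the IOS `ip route` line is the static route the Inet router would need so DMZ traffic is sent to the firewall's outside address.

```python
import ipaddress

def plan_block(block, dmz_prefix=25, link_prefix=30):
    """Split one ISP block into a DMZ subnet and a router<->firewall link subnet.

    The first half of the block becomes the DMZ; the first /30 of the second
    half becomes the link, leaving the rest of that half reserved for later
    (e.g. a second DMZ or the dial-in segment).
    """
    net = ipaddress.ip_network(block, strict=True)
    first_half, second_half = list(net.subnets(new_prefix=dmz_prefix))[:2]
    link = next(second_half.subnets(new_prefix=link_prefix))
    # In a /30 the two usable hosts are index 1 and 2 (0 = network, 3 = broadcast)
    return {
        "dmz": first_half,
        "link": link,
        "router": link[1],     # Ether of the Inet router
        "firewall": link[2],   # firewall interface facing the router
    }

def segment_of(plan, addr):
    """Report which segment an address belongs to under this plan."""
    ip = ipaddress.ip_address(addr)
    if ip in plan["link"]:
        return "link"
    if ip in plan["dmz"]:
        return "dmz"
    return "unassigned"

def ios_static_route(plan):
    """Static route for the Inet router: reach the DMZ via the firewall (assumed IOS syntax)."""
    dmz, fw = plan["dmz"], plan["firewall"]
    return f"ip route {dmz.network_address} {dmz.netmask} {fw}"

if __name__ == "__main__":
    plan = plan_block("192.0.2.0/24")   # constructed stand-in for a.b.c.0/24
    for name in ("dmz", "link"):
        print(f"{name}: {plan[name]}  mask {plan[name].netmask}")
    print("router:", plan["router"], " firewall:", plan["firewall"])
    print(ios_static_route(plan))
```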