Cisco WS-CE500 Administration Manual page 62

Networking
Configuring a DMZ
Cisco SA500 Series Security Appliances Administration Guide
DMZ configuration is identical to the LAN configuration. There are no restrictions
on the IP address or subnet assigned to the DMZ port, other than the fact that it
cannot be identical to the IP address given to the LAN interface of this gateway.
In this scenario, the business has one public IP address, 209. 1 65.200.225, which is
used for both the router's public IP address and the web server's public IP
address. The administrator configures the Optional port to be used as a DMZ port.
A firewall rule allows inbound HTTP traffic to the web server at 172. 1 6.2.30.
Internet users can enter the domain name that is associated with the IP address
209. 1 65.200.225, and they are connected to the web server. The same IP address
is used for the WAN interface.
Figure 3 Example DMZ with One Public IP Address for WAN and DMZ
www.example.com
Internet
Public IP Address
209.165.200.225
SA 500
LAN Interface
192.168.75.1
User
192.168.75.10
DMZ Interface
172.16.2.1
Web Server
Private IP Address: 172.16.2.30
Public IP Address: 209.165.200.225
User
192.168.75.11
Source Address Translation
209.165.200.225 172.16.2.30
2
62