Configuring a DMZ - Cisco QuickVPN - PC Administration Manual

SA 500 Series Security Appliances Administration Guide

Networking

Configuring a DMZ

STEP 4 Click Apply to save your settings, or click Reset to revert to the saved settings.

STEP 5 When you are ready, enable the new protocol bindings that you added. A new protocol binding is disabled until you enable it.

Configuring a DMZ

A DMZ (Demarcation Zone or Demilitarized Zone) is a subnetwork that is behind
the firewall but that is open to the public. By placing your public services on a
DMZ, you can add an additional layer of security to the LAN. The public can
connect to the services on the DMZ but cannot penetrate the LAN. You should
configure your DMZ to include any hosts that must be exposed to the WAN (such
as web or email servers).

DMZ configuration is identical to the LAN configuration. There are no restrictions
on the IP address or subnet assigned to the DMZ port, other than the fact that it
cannot be identical to the IP address given to the LAN interface of this gateway.

In this scenario, the business has one public IP address, 209.165.200.225, which is
used for both the router's public IP address and the web server's public IP
address. The administrator configures the Optional port to be used as a DMZ port.
A firewall rule allows inbound HTTP traffic to the web server at 172.16.2.30.
Internet users can enter the domain name that is associated with the IP address
209.165.200.225, and they are connected to the web server. The same IP address
is used for the WAN interface.
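
The design goal of this scenario (the public reaches the DMZ web server but never the LAN) can be checked against a list of inbound allow rules. The following Python check is an added example, not part of the Cisco guide; the DMZ and LAN subnets, the rule names and the `InboundRule` record format are assumptions, and only the web server address 172.16.2.30 and HTTP come from the scenario.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing plan; only 172.16.2.30 appears in the guide's scenario.
DMZ_NET = ipaddress.ip_network("172.16.2.0/24")    # assumed DMZ subnet
LAN_NET = ipaddress.ip_network("192.168.75.0/24")  # assumed LAN subnet
# The only exposure the scenario intends: HTTP to the DMZ web server.
EXPECTED = {(ipaddress.ip_address("172.16.2.30"), "tcp", 80)}


@dataclass(frozen=True)
class InboundRule:
    """One WAN-side allow rule and the internal host it forwards to (hypothetical format)."""
    name: str
    proto: str
    port: int
    internal_ip: str
    enabled: bool = True


def audit(rules):
    """Return (rule name, finding) pairs for enabled rules that break the DMZ design."""
    findings = []
    for rule in rules:
        if not rule.enabled:
            continue  # disabled rules pass no traffic
        ip = ipaddress.ip_address(rule.internal_ip)
        if ip in LAN_NET:
            findings.append((rule.name, "WAN traffic forwarded into the LAN"))
        elif ip not in DMZ_NET:
            findings.append((rule.name, "destination outside the DMZ subnet"))
        elif (ip, rule.proto, rule.port) not in EXPECTED:
            findings.append((rule.name, "DMZ service exposed that is not in the plan"))
    return findings


# Constructed sample rule set (not from the guide).
SAMPLE_RULES = [
    InboundRule("web-http", "tcp", 80, "172.16.2.30"),
    InboundRule("rdp-admin", "tcp", 3389, "192.168.75.20"),
    InboundRule("web-ssh", "tcp", 22, "172.16.2.30"),
    InboundRule("old-ftp", "tcp", 21, "192.168.75.9", enabled=False),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```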