Network Design(DMZ)

From: faizan khurshid <faizankhurshid921_at_hotmail.com>
Date: Wed, 26 Jan 2011 11:52:45 +0500

To Group

I have one design in which I need to isolate my new DMZ physically from my
existing network. Below is the requirement.

There are 3 DMZs. One already exists, which has IP 192.168.5.x and exists
inside the users' subnet.
Now I have to create two DMZs and isolate them from the existing network
(DMZ-1 and DMZ-2).

1) A user coming from the internet hits the firewall and goes to DMZ-1, then
there will be more filtering via Microsoft firewall.
2) From there the packet takes a path through DMZ-2 to reach the firewall,
which then allows outside users to access the server which already exists in
my network (has the IP of 192.168.5.x).

Server side requirement: they don't want Router on a Stick for DMZ-1 & DMZ-2,
which should not communicate with each other. The DMZ switch must be
transparent.

Now my approach will be to create one physical interface on the firewall,
connected to the DMZ switch (make it Layer 2), and create a second physical
interface for DMZ-2 on the same firewall, connected to the same DMZ switch
(make it Layer 2). Is this applicable, two physical interfaces on the same
switch? As per my understanding we have to manually assign IPs to the servers
and provide a gateway, so for DMZ-1 it will be 192.168.11.1 and for DMZ-2
192.168.12.1.

My query is: for 2 DMZs do I need two separate Layer 2 switches, one for each,
or will it work fine on only one DMZ switch?

Below is my network design

http://img840.imageshack.us/g/dmzl.jpg/

Received on Wed Jan 26 2011 - 11:52:45 ART