Re: Network Design(DMZ)

From: Jack Router <pan.router_at_gmail.com>
Date: Wed, 26 Jan 2011 17:22:14 -0500

Do I understand correctly that Internet users will access resources on the user
subnet?
Whatever you do, just do not let MCSEs design your network :)

On 26 January 2011 01:52, faizan khurshid <faizankhurshid921_at_hotmail.com> wrote:

> To Group
>
>
> I have one design in which I need to isolate my new DMZ physically from my
> existing network. Below is the requirement:
>
> There are 3 DMZs; one already exists, which has IP 192.168.5.x and exists
> inside the users subnet.
> Now I have to create two DMZs and isolate them from the existing network
> (DMZ-1 and DMZ-2).
>
> 1) A user coming from the Internet hits the firewall and goes to DMZ-1, then
> there will be more filtering via the Microsoft firewall.
> 2) From there the packet takes a path via DMZ-2 to reach the firewall, which
> then allows outside users to access the server that already exists in my
> network (it has the IP 192.168.5.x).
>
> Server-side requirement: they don't want Router on a Stick for DMZ-1 & DMZ-2
> should not communicate with each other; DMZ switch must be transparent.
>
> Now my approach will be to create one physical interface on the firewall
> connected to the DMZ switch (make it Layer 2), and create a second physical
> interface for DMZ-2 on the same firewall, going to connect with the same DMZ
> switch (make it Layer 2).
> Is this applicable, the same switch with two physical interfaces? As per my
> understanding, we have to manually assign IPs to the servers and provide a
> gateway, like for DMZ-1 it will be 192.168.11.1 and for DMZ-2 192.168.12.1.
>
> My query is: for 2 DMZs, do I need two separate Layer 2 switches, one for
> each, or will it work fine on only the DMZ switch?
>
>
> Below is my network design
>
>
> http://img840.imageshack.us/g/dmzl.jpg/
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Wed Jan 26 2011 - 17:22:14 ART

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART