My ASL (V.3.2) is configured like this:
CISCO Router
|
eth1
|
ASL - eth0 - LAN
|
eth2
|
DMZ
(just an example, not the real network)
The Networks:
Internal LAN: 192.168.12.0/255.255.252.0
DMZ: 10.0.0.1/255.255.255.0
External: 193.79.60.0/255.255.255.224
Interfaces:
eth0 - 192.168.13.1
eth2 - 10.0.0.2
eth1 - 193.79.60.76
The internal network consists of two kinds of clients:
A: Browse-able-clients (using HTTP Proxy with static IP-addresses 192.168.13.1/255.255.255.0). I want to create a network-group and add IP-addresses manually.
B: Non-browse-able clients (DHCP clients 192.168.12.0/255.255.252.0)
Network A is a part of network B
In the DMZ I have:
Webserver 10.0.0.10 (HTTP)
Mailserver 10.0.0.12 (HTTP, HTTPS, SMTP, POP)
I’m trying to achieve the following:
1. Clients that are part of network A should be able to browse the Internet by using the proxy. They should also be able to use the services in the DMZ.
2. Clients in network B should not be able to browse but should be able to use services in the DMZ.
Here are my questions:
1. I tried to create a new network group called “Browse-able-clients” and added single machines (networks) (e.g. 192.168.13.38/255.255.255.255) to it. In the next step I wanted to create masquerading. I went to Network – Masquerading but I could not find the network group Browse-able-clients in the drop down box “Network”. According to the documentation it should work like this.
2. How do I configure masquerading? From my point of view, I only have to configure it for network A.
3. What kind of HTTP-Proxy is recommended? (transparent or standard mode)
4. How can I manage access from internal network to DMZ securely?
5. Does somebody know a better approach for that?