This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Static IP's from wan on DMZ Interface

What is the best way to have static ips work on the DMZ interface? I do not want to use snat/dnat as the ip's must be public, not natted. If I just put the machines on the DMZ and set thier ip's and masks as if they were on external and then create a static host route to the dmz interface(192.168.20.0/255.255.255.0), will the routing and filtering know whats going on? Will I have to add ipaliases on wan also, or will wan mask assume this??? Thanks in advance for any help.

This thread was automatically locked due to age.

Parents

0 BarryG over 19 years ago

The _best_ way is to have your router route all traffic to your ASL EXT IP, and then setup your DMZ with a smaller subnet of your IP block. ASL will then do static routing to the DMZ.
(In some of the ASL documentation, this is referred to as setting up transfer network between the EXT interface and the router.)

Or, you can use transparent/bridged mode.

I don't think your idea (with the 192 address) will work without NAT.

Proxy ARP might also work, but you'd need to create an additional IP on the EXT interface for each IP you're using.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 19 years ago

The _best_ way is to have your router route all traffic to your ASL EXT IP, and then setup your DMZ with a smaller subnet of your IP block. ASL will then do static routing to the DMZ.
(In some of the ASL documentation, this is referred to as setting up transfer network between the EXT interface and the router.)

Or, you can use transparent/bridged mode.

I don't think your idea (with the 192 address) will work without NAT.

Proxy ARP might also work, but you'd need to create an additional IP on the EXT interface for each IP you're using.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data