I have a 1750 with a /29 assigned to me, and I need to create a DMZ to put
a DNS server on so that I can control access using CBAC.  My FastEthernet
interface is trunked to a Cat 2924.  I'd like to have the /29 on one
subinterface which talks to PacBell's router, and take a /30 out of the
/29 and put it on another subinterface so that I can hang the DNS server
off a port on that VLAN using a public IP address.  I'd also like to use
static NAT addresses out of the /29 including what would be an all zero or
all one address out of the /30.  My thought is that this would work since
the NAT will take place via the subinterface on the /29 (ip nat outside),
and the only time the /30 will come into play is with traffic destined to
the DNS server, which is not NAT'ed.  This would allow me to have routing
and CBAC protection for the host on the /30 net and not lose the ability
to use those addresses which would normally be lost from the /30 all zeros
and all ones addresses by using them for static NAT entries for hosts on
the private IP side of my network.  When I go to assign an address out of
the /30 to the subinterface facing the DMZ I get a message stating that
the addresses overlap the other interface.  Will this still work the way I
believe it will?  Would it make a difference if I use my currently shut
down Eth0/0 interface instead of the trunked Fa0/0?

Thanks for your time/help!

--
James D. Wilson, CCDA, MCP
Sr. Network/Security Engineer
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
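
Added example, not part of the original post: a Python model of the address arithmetic behind the question, using a constructed documentation-range /29 (203.0.113.8/29) in place of the poster's block. It checks that any /30 carved from the /29 overlaps it, and lists which of the /30's all-zeros and all-ones addresses are still host addresses in the /29; the function names are this example's own and it does not model IOS NAT or CBAC behaviour.

```python
import ipaddress

# Constructed sample: a documentation-range /29 standing in for the assigned block.
OUTSIDE = ipaddress.ip_network("203.0.113.8/29")


def overlaps(existing, candidate):
    """Model of an interface overlap check: two subnets conflict if they share any address."""
    return existing.overlaps(candidate)


def plan_dmz(outside, dmz):
    """Classify the addresses of `outside` when `dmz` is carved out of it."""
    if not dmz.subnet_of(outside):
        raise ValueError(f"{dmz} is not inside {outside}")
    outside_hosts = set(outside.hosts())
    dmz_hosts = set(dmz.hosts())
    dmz_reserved = {dmz.network_address, dmz.broadcast_address}
    return {
        # Usable on the DMZ VLAN: router subinterface and the DNS server.
        "dmz_hosts": sorted(dmz_hosts),
        # All-zeros/all-ones of the /30 that are ordinary hosts in the /29:
        # the addresses the post proposes to reuse for static NAT.
        "nat_candidates": sorted(dmz_reserved & outside_hosts),
        # Reserved in the /30 and also in the /29, so not recoverable.
        "unusable": sorted(dmz_reserved - outside_hosts),
        # /29 host addresses that lie entirely outside the /30.
        "outside_only_hosts": sorted(outside_hosts - dmz_hosts - dmz_reserved),
    }


def all_plans(outside, prefixlen=30):
    """Build a plan for every possible DMZ subnet of the given length."""
    return {dmz: plan_dmz(outside, dmz)
            for dmz in outside.subnets(new_prefix=prefixlen)}


if __name__ == "__main__":
    for dmz, plan in all_plans(OUTSIDE).items():
        print(f"{dmz} overlaps {OUTSIDE}: {overlaps(OUTSIDE, dmz)}")
        for role, addrs in plan.items():
            print(f"  {role}: {', '.join(map(str, addrs))}")
```

Whichever /30 is chosen, only one of its two reserved addresses is a host address in the /29; the other coincides with the /29's own network or broadcast address.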

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51193&t=51193