I most often set it up with the first. With regards to situation #1:

Pro:
  Easier maintenance of the firewall for the "private" network (not as many NATs to configure)

Cons:
  Requires two firewalls, one in front of the DMZ and one behind it
  Limited address space from the ISP
  Must maintain strong filter rules on the "front" firewall

Situation #2 only requires one firewall, and you can NAT several services onto one address, but you run the risk of the firewall becoming overloaded and slowing down internet access, since it has to NAT *everything* now :-)

Just my $.02 :-)

"Sam" wrote in message news:[EMAIL PROTECTED]
> Hey there
>
> Mostly, firewall design includes a DMZ. In most companies, within this DMZ,
> is it more likely to see the servers directly being given registered public
> IPs,
>
> OR
>
> Is it more likely to see the servers being given private IPs and then a NAT
> translation created for internet users to access the servers.
>
>
> Also, what are the pros and cons for the above two situations?
>
> thx

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65774&t=65769