Re: DMZ relocation [7:15597]
I believe one could also use policy-based routing. See Building Scalable Cisco Networks, Cisco Press. Original Message Follows From: "Aki Anttila" Reply-To: "Aki Anttila" To: [EMAIL PROTECTED] Subject: Re: DMZ relocation [7:15597] Date: Fri, 10 Aug 2001 08:14:12 -0400 At 07:59 10.8.2001 -0400, you wrote: >Is this possible, without bringing up a test network? Can one IP address be >routed differently then the routes currently in my EIGRP route table, that >are being advertised through-out the network? Any documentation on this >would be greatly appreciated. I am not 100% sure I understood your question but how about making a static host route pointing to LAN interface and redistrbuting this to EIGRP process? Aki _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15599&t=15597 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ relocation [7:15597]
At 07:59 10.8.2001 -0400, you wrote: >Is this possible, without bringing up a test network? Can one IP address be >routed differently then the routes currently in my EIGRP route table, that >are being advertised through-out the network? Any documentation on this >would be greatly appreciated. I am not 100% sure I understood your question but how about making a static host route pointing to LAN interface and redistrbuting this to EIGRP process? Aki Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15598&t=15597 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ Basics [7:10970]
Funny you should ask that, I just got through looking at an article in Network Computing on DMZ's. Check it out at http://www.networkcomputing.com/1214/1214ws1.html Also just a few opinions. First you really won't need the proxy/firewall if you get the PIX. Second you will see a big speed increase if traffic doesn't have to got through the proxy/firewall. Third VPN traffic can terminate on the PIX or pass through to a VPN concentrator (probably over kill). Just my 2 cents worth. Scott On Wed, 4 Jul 2001 06:49:59 -0400, Sammi wrote: > Hello all, > > I'd like to setup a DMZ in the near future and am still pondering > purchase of a PIX box. > Our interface to the outside world is through a Cisco 1600. > > So the DMZ would go: > > 1600 -> PIX -> ? -> ISA box (microsoft proxy/firewall) > > I know I don't want the PIX talking directly to the ISA, but not too > clear what I'm going to put in between, and why (functionality). Our > webpages are hosted off site by a third party, I would want to keep my > mail server inside right? I would like to set up VPN in the future, > should it go through the box between the firewalls? > The DMZ doesn't simply double the challenge does it? As in "ok, you > got through one firewall, now try the next". > > Any enlightenment greatly appreciated. ___ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12036&t=10970 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ Basics [7:10970]
On 8 Jul 2001 09:19:45 -0400, [EMAIL PROTECTED] ("shella kevin")
wrote:
>Can you help me understand what is DMZ ... any good documentation
I printed off some links from here:
http://www.google.com/search?q=dmz+basics&hl=en&safe=off
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=11384&t=10970
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ Basics [7:10970]
Can you help me understand what is DMZ ... any good documentation ?>From: "Sammi" >Reply-To: "Sammi" >To: [EMAIL PROTECTED] >Subject: DMZ Basics [7:10970] >Date: Wed, 4 Jul 2001 06:49:59 -0400 > >Hello all, > >I'd like to setup a DMZ in the near future and am still pondering >purchase of a PIX box. >Our interface to the outside world is through a Cisco 1600. > >So the DMZ would go: > >1600 -> PIX -> ? -> ISA box (microsoft proxy/firewall) > >I know I don't want the PIX talking directly to the ISA, but not too >clear what I'm going to put in between, and why (functionality). Our >webpages are hosted off site by a third party, I would want to keep my >mail server inside right? I would like to set up VPN in the future, >should it go through the box between the firewalls? >The DMZ doesn't simply double the challenge does it? As in "ok, you >got through one firewall, now try the next". > >Any enlightenment greatly misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11320&t=10970 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ Basics [7:10970]
The PIX is extremely versatile. 1. E-Mail Server You can put your mail server on the inside but I would suggest putting a smtp gateway on the DMZ. Have you MX record pointing to that device. 2. 1600 - PIX - ? - ISA I'm not sure why you would want to put something between the PIX and the Proxy server. You can do NAT at the PIX or the Proxy. You can set the Proxy for Authentication or set up a Radius or TACAS+ server to let the PIX do it. I would leave you configuration as it is with clients pointing to the Proxy for Internet Access and the Proxy go through the PIX. By default the PIX lets all trafic out. You can put an access list on the PIX and only allow traffic out from the Proxy Server and possibly you mail server. ""Sammi"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello all, > > I'd like to setup a DMZ in the near future and am still pondering > purchase of a PIX box. > Our interface to the outside world is through a Cisco 1600. > > So the DMZ would go: > > 1600 -> PIX -> ? -> ISA box (microsoft proxy/firewall) > > I know I don't want the PIX talking directly to the ISA, but not too > clear what I'm going to put in between, and why (functionality). Our > webpages are hosted off site by a third party, I would want to keep my > mail server inside right? I would like to set up VPN in the future, > should it go through the box between the firewalls? > The DMZ doesn't simply double the challenge does it? As in "ok, you > got through one firewall, now try the next". > > Any enlightenment greatly appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11009&t=10970 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ
Quite simply its an area between the router and say a firewall that is protecting the inner network. Alot of companies will place mail and internet servers there. They get less protection than those hosts behind the firewall but are available resources to both the internet side and the protected networks. Anyone improve on this please! Karl - Original Message - From: "Adekola, Dennis D" <[EMAIL PROTECTED]> To: "CISCO" <[EMAIL PROTECTED]> Sent: Wednesday, March 28, 2001 8:16 PM Subject: DMZ > Hi all > > I frequently hear the term DMZ (Demilitarized Zone) being thrown around me > > Can anyone please enlighten me > > Cheers > > Dennis > > -- --- > 21st century air travel http://www.britishairways.com > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ
Another rough answer: Ok, the DMZ deals with a 3 part firewall. Basically, there is a LAN that hangs off of your firewall that contains your servers like the e-comm. and mail. Then you have your internal LAN where your users are. In order for your users to get out to the net they have to go through the servers on your DMZ right? Well if somebody out on the net was watching and waiting for you to come out, if they traced you and somehow got past the external FW, they would only reach your servers and not make it into your users LAN because to them the info originated from the servers. That's why it's called the Demilitarized zone...somebody can give a more detailed explanation...this was just Layman's terms...hope I helped. * This has been an Eyez Only streaming e-mail broadcast...We are watching. NetEyez - CCNP, CCDA - Original Message - From: "Adekola, Dennis D" <[EMAIL PROTECTED]> To: "CISCO" <[EMAIL PROTECTED]> Sent: Wednesday, March 28, 2001 2:16 PM Subject: DMZ > Hi all > > I frequently hear the term DMZ (Demilitarized Zone) being thrown around me > > Can anyone please enlighten me > > Cheers > > Dennis > > -- --- > 21st century air travel http://www.britishairways.com > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ
The DMZ is an area of your network that the outside world has access to but is separated by security devices from the rest of your internal network. For example: InsideNetwork <---> Firewall <---> DMZ <-> Firewall/Router <---> Internet The DMZ would hold your file servers and web servers, for instance. A setup like this allows you to be more specific in your access control. HTH, John >>> "Adekola, Dennis D" <[EMAIL PROTECTED]> 3/28/01 12:16:50 PM >>> Hi all I frequently hear the term DMZ (Demilitarized Zone) being thrown around me Can anyone please enlighten me Cheers Dennis - 21st century air travel http://www.britishairways.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ
DMZ stands for Demilitarized Zone and is also called a Permiter
network. A DMZ adds another layer of security between an external and
internal network. The purpose of the DMZ is that if someone is able
to break into your network like the WAN router or other device they
won't be able to see the traffic passed between hosts on your Internal
network, because the intruded upon device is on an external network on
a completely different segment than your LAN traffic. Some companies
place their mail servers and webservers on a separate segment from
their Internal LAN. If the web, mail, or DNS server is compromised,
your Internal LAN traffic is still protected from the intruder since
the hosts/devices in the DMZ aren't seeing indirect LAN traffic
because of the internal router.
Sample diagram:
{ Internet}
|
|
( + ) External router
|__
|__| | Server on DMZ segment
|
|
( + ) Internal router
|
--
| |
[ ] [ ]
| __| Host A|__] Host B
On 2 Feb 2001 12:32:36 -0500, [EMAIL PROTECTED] ("Snyder, LeRoy F")
wrote:
>Could anyone explian the DMZ process in a little
>more detial?
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: Sunday, January 28, 2001 4:25 PM
>To: [EMAIL PROTECTED]
>Subject: DMZ
>
>
>Does anyone know a good book or article on the web that explains DMZ in
>great detail? Thank you.
>
>_
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>_
>FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DMZ
Could anyone explian the DMZ process in a little more detial? -Original Message- From: John Chang [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 28, 2001 4:25 PM To: [EMAIL PROTECTED] Subject: DMZ Does anyone know a good book or article on the web that explains DMZ in great detail? Thank you. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ
Donload the pdf file from http://support.intel.com/support/express/routers/9500/dmz.htm Also look at Building Internet Firewalls by Elizabeth D. Zwicky and Brent Chapman, O'Reilly & Associates; ISBN: 1565928717 Larry Osei-Kwaku <[EMAIL PROTECTED]> wrote: > Does anyone know a good book or article on the web > that explains DMZ in > great detail? Thank you. > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > = "Wear a smile and have friends; wear a scowl and have wrinkles." - George Eliot "the greatest glory is not in never falling, but rising up each time we fall." "The greatest man is not he who does not fall but he who falls and rises again to win" __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DMZ
John, http://www.pcwebopedia.com/ will give you a brief description. It is not really too complex. A DMZ is an area of intermediate security between the Internet and the internal network. The idea is to allow access to some resources (Web servers, mail servers, etc) for users coming from the Internet without allowing them full access into your internal network. This link discusses setting up a PIX firewall with a DMZ: http://www.cisco.com/warp/public/110/9.html Dave Swink > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > John Chang > Sent: Sunday, January 28, 2001 3:25 PM > To: [EMAIL PROTECTED] > Subject: DMZ > > > Does anyone know a good book or article on the web that explains DMZ in > great detail? Thank you. > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DMZ using DSL
Linksys sell a real cheap DSL router that connects to your dsl modem Duck - Original Message - From: Frank Wells <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 08, 2000 8:54 AM Subject: DMZ using DSL > Hey folks, > If I wanted to setup a DMZ using DSL as my Internet connection, what kind of > router(s) would you use to give me the three ethernet connections I would > need? > > -- > LAN- --DSL > -- >| >| > DMZ > > Cheers > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
