Re: VPN/DMZ configuration help
- From: Leythos <void@xxxxxxxxxxx>
- Date: Fri, 15 Jun 2007 09:23:04 -0400
In article <1181911406.298991.11290@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
shonuff6699@xxxxxxxxx says...
On Jun 15, 7:27 am, Leythos <v...@xxxxxxxxxxx> wrote:
In article <1181908406.792189.8...@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
shonuff6...@xxxxxxxxx says...
Here's my config:
WatchGuard Firebox x750e (version 8)
WatchGuard Firebox SSL Core VPN (version 5.1)
Public IP range: xxx.xxx.xxx.112/29
Private IP range: 192.168.10.0/24
Current Topology:
Internet --- Cisco 1700 --- x750e --- LAN
Here is the config I am trying to achieve:
Internet
|
Cisco 1700
|
x750e --- (DMZ) SSL Core VPN (172.16.10.0/24)
|
LAN (192.168.10.0/24)
If I have three of my public IP addresses currently mapped to the
external interface of the x750, how would I be able to give the
external interface of the SSL VPN appliance a public IP? I need
another IP block don't I? I think I am way overanalyzing this scenario
so I have confused the mess out of myself. Thanks for any help.
You could put the 750e in Drop-In mode and then all interfaces would
have the same addresses (meaning that LAN/DMZ would have the same IP as
the EXT) and then you create rules, same as in Routed Mode, to map ports
between the Zones (LAN/DMZ).
You could also just forward the ports needed by the SSL to the VPN
appliance from the IP you want to use.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999f...@xxxxxxxxxx (remove 999 for proper email address)
Thanks for your reply Leythos. So what you are saying is that if I
want to run my SSL Core VPN in a true DMZ scenario I will have to
change my x750e to drop-in mode? The second option you gave for port
forwarding, if I use that I wouldn't have a true DMZ right?? So that
means I would just hook up the one interface of the SSL Core VPN?? I
called WatchGuard yesterday for some clarification and I am more
confused now than I was before. Thanks again.
This is the best I can do to help you:
http://www.watchguard.com/docs/faq/ssl-core_faq.asp#firewall
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)