
Re: [fw-wiz] NAT cruddiness

To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Subject: Re: [fw-wiz] NAT cruddiness
From: Chris Myers <clmmacunix@charter.net>
Date: Tue, 30 Jan 2007 22:43:49 -0600
In-reply-to: <45BFFA0B.7090006@infiltrated.net>
References: <45BFFA0B.7090006@infiltrated.net>
Reply-to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>

J. Oquendo,

        I don't know the routing for the VLANs, so I will assume they have
a layer 3 switch or router in place to determine these are going to
the DMZ. The DMZ only needs a route (i.e. static) for the policies or
ACLs on whatever box this DMZ is on. You will need to give access from
VLAN C to VLAN B via the policy or ACL in the DMZ. Now traditionally
the Object is just the way of pre-programming the networks you want,
and then you can add them to your policy by name or IP. Your policy
should read something like: access-list permit VLANB_VLANC ip host
172.16.20.1 255.255.255.255 host 172.16.30.1 255.255.255.255. This is
a common Cisco ACL. You may have to work with it, as it is late and I
am pulling the ACL from memory.

Thanks,
Chris
On Jan 30, 2007, at 8:08 PM, J. Oquendo wrote:

> Hey all, trying to help someone with an idiotic VLAN/DMZ issue:
>
> Breakdown: Admin has the following:
>
> NetworkA 172.16.20.1 (VLAN B)
> MachineA 172.16.20.5 (Windows)
>
> NetworkB 172.16.30.1 (VLAN C)
> MachineB 172.16.30.2 (Windows 2003)
>
> Supposedly Machine is thrown in a DMZ and they want to be able to
> create an object of sorts to do forwarding: e.g.:
>
> Object = 172.16.20.250 --> Redirects to MachineB
>
> Easiest fool-proof method? I don't know enough about their topology
> to know what their VLAN trunking is, nor their rules.
>
> -- 
> ====================================================
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
> sil . infiltrated @ net http://www.infiltrated.net
> The happiness of society is the end of government.
> John Adams

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
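Added example, not part of Chris's or J. Oquendo's messages: a small IOS-style extended ACL evaluator in Python with a static NAT step in front of it, using the addresses from the thread (MachineA 172.16.20.5, MachineB 172.16.30.2, the "object" 172.16.20.250). The ACL text and the packets are constructed for illustration. It assumes IOS ACL semantics: `host` takes no mask, a bare address is followed by a wildcard mask in which the 0 bits must match, and every ACL ends in an implicit deny. Whether the ACL is evaluated against the mapped (object) address or the real DMZ address depends on the platform and on which interface and direction the ACL is applied, so the example lets you check both, and it also shows why a bare address followed by 255.255.255.255 on IOS matches every address rather than one host.

```python
"""IOS-style extended ACL evaluator with a static NAT step (added example)."""
import ipaddress
from dataclasses import dataclass

# The "object" from the original post: the VLAN B address 172.16.20.250
# is a static NAT mapping to MachineB's real address in the DMZ.
STATIC_NAT = {"172.16.20.250": "172.16.30.2"}

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp", "icmp", ...
    src: str
    dst: str

@dataclass(frozen=True)
class Ace:
    action: str   # "permit" or "deny"
    proto: str    # "ip" matches every protocol
    src: tuple    # (address as int, wildcard as int)
    dst: tuple

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def parse_endpoint(tokens, i):
    """Consume one source/destination spec starting at tokens[i].
    Returns ((address, wildcard), index of the next token)."""
    tok = tokens[i]
    if tok == "any":                      # shorthand for 0.0.0.0 255.255.255.255
        return (0, 0xFFFFFFFF), i + 1
    if tok == "host":                     # exact host; takes NO mask token
        return (ip_int(tokens[i + 1]), 0), i + 2
    return (ip_int(tok), ip_int(tokens[i + 1])), i + 2   # address + WILDCARD mask

def parse_acl(text):
    """Parse IOS named-extended ACL lines (constructed format) into Ace entries."""
    aces = []
    for raw in text.strip().splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] in ("ip", "remark", "!"):
            continue                      # header line, remark, or comment
        action, proto = tokens[0], tokens[1]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported ACE: {raw!r}")
        src, i = parse_endpoint(tokens, 2)
        dst, _ = parse_endpoint(tokens, i)
        aces.append(Ace(action, proto, src, dst))
    return aces

def matches(endpoint, addr):
    base, wildcard = endpoint
    care = ~wildcard & 0xFFFFFFFF         # 0 bits in the wildcard must match
    return (ip_int(addr) & care) == (base & care)

def translate(pkt):
    """Static NAT, destination side: rewrite the mapped address to the real host."""
    return Packet(pkt.proto, pkt.src, STATIC_NAT.get(pkt.dst, pkt.dst))

def evaluate(aces, pkt):
    """First matching ACE wins; running off the end is the implicit deny."""
    for ace in aces:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if matches(ace.src, pkt.src) and matches(ace.dst, pkt.dst):
            return ace.action
    return "deny"

def decide(aces, pkt, acl_sees_real_ip):
    """Evaluate the ACL against the pre-NAT (mapped) or post-NAT (real)
    destination. Which one your box actually does depends on the platform
    and on the interface/direction the ACL is bound to; write the ACL to match."""
    return evaluate(aces, translate(pkt) if acl_sees_real_ip else pkt)

# Constructed ACL: MachineA may reach MachineB, written once against the real
# DMZ address and once against the mapped object address, so it holds
# whichever address the ACL ends up seeing.
VLANB_VLANC = """
ip access-list extended VLANB_VLANC
 remark MachineA to MachineB, real address
 permit ip host 172.16.20.5 host 172.16.30.2
 remark MachineA to MachineB, mapped (object) address
 permit ip host 172.16.20.5 host 172.16.20.250
 deny ip any any
"""

# The trap on IOS: "host" takes no mask, and a bare address followed by
# 255.255.255.255 is a wildcard that matches EVERY address.
OVERLY_BROAD = """
ip access-list extended BROAD
 permit ip 172.16.20.1 255.255.255.255 172.16.30.1 255.255.255.255
"""

def demo():
    aces = parse_acl(VLANB_VLANC)
    to_object = Packet("tcp", "172.16.20.5", "172.16.20.250")
    stranger = Packet("tcp", "172.16.20.77", "172.16.20.250")
    return {
        "machinea_pre_nat": decide(aces, to_object, acl_sees_real_ip=False),
        "machinea_post_nat": decide(aces, to_object, acl_sees_real_ip=True),
        "other_host": decide(aces, stranger, acl_sees_real_ip=True),
        "broad_acl_random": evaluate(parse_acl(OVERLY_BROAD),
                                     Packet("udp", "10.1.1.1", "192.0.2.9")),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Run it as a script to see the four verdicts; the "broad_acl_random" case is a packet from an unrelated source to an unrelated destination being permitted, which is what a 255.255.255.255 wildcard buys you on IOS. On an ASA-style box the same 255.255.255.255 is a netmask meaning a single host, so confirm which mask convention your platform uses before copying an ACL between them.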
