VPN/DMZ configuration help

Here's my config:
WatchGuard Firebox x750e (version 8)
WatchGuard Firebox SSL Core VPN (version 5.1)
Public IP range: xxx.xxx.xxx.112/29
Private IP range: 192.168.10.0/24

Current Topology: Internet --- Cisco 1700 --- x750e --- LAN

Here is the config I am trying to achieve:

Internet
   |
Cisco 1700
   |
x750e --- (DMZ) SSL Core VPN (172.16.10.0/24)
   |
LAN (192.168.10.0/24)

If I have three of my public IP addresses currently mapped to the external interface of the x750, how would I be able to give the external interface of the SSL VPN appliance a public IP? I need another IP block, don't I? I think I am way overanalyzing this scenario, so I have confused the mess out of myself. Thanks for any help.

Debo

You could put the 750e in Drop-In mode, and then all interfaces would have the same addresses (meaning that LAN/DMZ would have the same IP as the EXT), and then you create rules, same as in Routed Mode, to map ports between the Zones (LAN/DMZ).

You could also just forward the ports needed by the SSL to the VPN appliance from the IP you want to use.

Leythos


Thanks for your reply, Leythos. So what you are saying is that if I want to run my SSL Core VPN in a true DMZ scenario, I will have to change my x750e to drop-in mode? The second option you gave for port forwarding, if I use that, I wouldn't have a true DMZ, right? So that means I would just hook up the one interface of the SSL Core VPN? I called WatchGuard yesterday for some clarification and I am more confused now than I was before. Thanks again.

Debo


This is the best I can do to help you:

formatting link

Leythos
