I have some questions regarding NAT vs static routing.
Here is the physical setup:

LAN-------ROUTER-------INTERNET
            |
            |
           DMZ
Router is an 1811.
Both servers in DMZ (call them DMZ1 and DMZ2) have at least 2 NICs.
We have three public IP addresses.
Right now, this is the logical setup:
LAN uses 10.0.0.0/21
DMZ uses 10.0.8.0/21
Router is 10.0.3.1
Router's FE0 is A.A.A.A, and A.A.A.A is also dynamic NAT for LAN
B.B.B.B is static NAT to DMZ1
C.C.C.C is static NAT to DMZ2
So, the question is this: Would it be better to just use static routes for the DMZ? If not, what is the advantage to using NAT in the DMZ rather than static routes? I had tried static routes before, and it solved the problem of needing split DNS for internal/external access to the DMZ. One thing that strikes me as odd is that, using NAT, the router is the endpoint of any trace to DMZ1 or DMZ2, when, in my mind, it should simply be a hop between them.
Would it also be advisable to set up a separate VLAN for the DMZ, as well?