Cisco



USING DMZ TO ALLOW PUBLIC IP ADDRESSES BEHIND THE FIREWALL ON RV320/RV325

Purpose:
With this guide you will be able to allow devices connected to the DMZ port of the router to use Public IP addresses. You will also be able to apply access rules to restrict traffic.

Requirements:
For this configuration to work you will need to make sure these requirements are met:
- The router needs to have a manually configured Public Static IP address. When configuring the public IP address make sure to use a subnet mask bigger than /32 so the extra public IP addresses are on the same subnet.
- All the public IP addresses need to be contiguous and belong to the same subnet.
Note: Having a Static IP address assigned via PPPoE is not supported.

Configuration:
The configuration itself is pretty simple.
1. Assign one of the Public IP addresses in the range to the router.
2. Under Setup, select Network, scroll to the bottom of the page and select Enable DMZ and then click Save.
3. Once enabled, select the DMZ radio button and click on Edit.
4. On the DMZ Connection screen, select Range (DMZ and WAN on the same subnet) and enter the Public IP addresses that you want to allow. Make sure they are on the same subnet as the IP address assigned to the router. Then click on Save.
5. If you are planning to allow more than 1 public IP address then you will have to connect a switch to the DMZ port on the router.
6. At this time you will be able to assign the actual public IP address to the devices connected to the DMZ port. Make sure to use the same subnet mask as the one configured on the Static IP address section of the router.

By default, all the ports will be opened going to any of the Public IP addresses defined in the range. To restrict or allow ports you will need to create access rules.

The most frequently used configuration is to close all the ports and then allow only the ones that you want to leave open. To do this go to Firewall then Access Rules and click on Add.

On the Edit Access Rules page, use the following settings to block all access:
Action: Deny
Service: All traffic [TCP&UDP/1~65535]
Log: No log/Log packets matching this rule (Choose any)
Source Interface: WAN1
Source IP: ANY
Destination IP: Enter the IP address (Range or Single depending on your configuration)
Scheduling: (Select a schedule according to your preferences or leave it empty)
Save the settings.

After this is done, follow the next steps to allow just the desired ports to be opened. For this example we will use port 80. (Remember that you can add any needed ports using the Service Management button on the Access Rules page.)
Action: Allow
Service: HTTP [TCP/80~80]
Log: No log/Log packets matching this rule (Choose any)
Source Interface: WAN1
Source IP: ANY (Or type the IP address or range that you want to allow access to)
Destination IP: Enter the IP address (Range or Single depending on your configuration)
Scheduling: (Select a schedule according to your preferences or leave it empty)
Save the settings.
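
Added example (not part of the Cisco guide): a Python check of a planned DMZ range against the requirements above, together with a model of the deny-all plus allow-HTTP rule pair. The addresses are constructed documentation values, the function names are hypothetical, and first-match rule ordering is an assumption; confirm the priority order shown on the router's Access Rules page.

```python
import ipaddress

def check_dmz_plan(router_ip, prefix_len, dmz_first, dmz_last):
    """Return the problems found in a planned DMZ range (empty list = plan is consistent)."""
    if prefix_len >= 32:
        return ["WAN mask is /32, so no other public address shares the subnet"]
    wan = ipaddress.ip_interface(f"{router_ip}/{prefix_len}")
    first = ipaddress.ip_address(dmz_first)
    last = ipaddress.ip_address(dmz_last)
    problems = []
    if first > last:
        problems.append("DMZ range start is above its end")
    for addr in (first, last):
        if addr not in wan.network:
            problems.append(f"{addr} is outside the router's subnet {wan.network}")
    # Sanity check: the router keeps one address of the block for itself.
    if first <= wan.ip <= last:
        problems.append("router's own WAN address falls inside the DMZ range")
    return problems

def decide(rules, dst_ip, proto, port):
    """Assumed model: first matching rule wins; with no match the DMZ default (all ports open) applies."""
    dst = ipaddress.ip_address(dst_ip)
    for action, protos, ports, (lo, hi) in rules:
        in_range = ipaddress.ip_address(lo) <= dst <= ipaddress.ip_address(hi)
        if in_range and proto in protos and ports[0] <= port <= ports[1]:
            return action
    return "Allow"

# Constructed sample plan using documentation addresses (RFC 5737).
DMZ = ("203.0.113.3", "203.0.113.6")
RULES = [
    ("Allow", {"TCP"}, (80, 80), DMZ),          # HTTP [TCP/80~80]
    ("Deny", {"TCP", "UDP"}, (1, 65535), DMZ),  # All traffic [TCP&UDP/1~65535]
]

if __name__ == "__main__":
    print(check_dmz_plan("203.0.113.2", 29, *DMZ) or "plan OK")
    for proto, port in (("TCP", 80), ("TCP", 22), ("UDP", 53)):
        print(proto, port, decide(RULES, DMZ[0], proto, port))
```

With the two rules in the opposite order, this model returns Deny for TCP/80, which is why the rule order on the device is worth checking.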
