NAT, DMZ, port maps

bighornsheep

When running NAT, and you set a DMZ on say 192.168.0.1
but have port maps to 192.168.0.2

They are independent right? Port maps have a higher priority than DMZ?

hankooknara

is this related to CCNA question?

I am not trying to pick on anybody.. just trying to prepare for ccna exam and trying to know all the related topics on this ccna forum and saw this.

Did a search on my ccna materials but did not see any related topic to DMZ.
I know we are trying to learn as much as we can but I am trying to stay within the course to learn the right stuff for ccna.

Can someone tell me if this is exam objectives?(please do not flame me.. not a attempt to argue.. just trying to learn the right objectives)

jbkm

i test on monday and im pretty sure this is not CCNA testable. if it is them im probobly screwed!

Maybe he ment to toss this under the CCNP section.

Danman32

DMZ is a designation of the intended use of a network. DMZ = Demilitarized zone. It refers to a network with some security, but probably as secure as the internal network, but certainly separate from it, usually for the purposes of securing resources that will be routinely accessed from an unsecured network, such as the internet. This is where you would place a public web server, SMTP server, public DNS server, etc. Often it is NATed, but it doesn't have to be. There would be a firewall though between the DMZ and the unsecured network, but it could be as simple as port filtering on a router only allowing the required ports through to the hosts on the DMZ, with the DMZ hosts having internet addressable IPs, thus not requiring NAT.

DMZ is usually dealt with in exams, certs and courses dealing more with security than general routing.

bighornsheep

I figured it out. DMZ is indeed independent from port maps.

I'm trying to set a win2k3 box as the public server with HTTP, FTP services. But use RDP for my client machine, so I had to map the port to another ip.

Thanks for the explanation though.

Cheers.