DMZ Firewall Solution for the Express Router
4 DMZ Multiple IP Address Solution
This solution explains how to set up a DMZ when the ISP supplies you with multiple IP addresses. In the example, the ISP has assigned the site a range of IP addresses: 193.84.251.0 to 193.84.251.7 (subnet mask 255.255.255.248).
[Figure: network diagram of the multiple IP address solution.
Internet side: HTTP/FTP server; DNS server 194.25.6.4; News (NNTP) server 196.24.5.8.
DMZ 193.84.251.0: HTTP/FTP server 193.84.251.1; proxy server 193.84.251.2; SMTP server 193.84.251.3; News server 193.84.251.4.
Intel Express Router: LAN2 port 193.84.251.5; LAN1 port 89.20.0.10.
Secure LAN 89.20.0.0: server 89.20.0.1; News server 89.20.0.2; 10/100 Layer 3 switch.
Secure LAN 90.20.0.0: Users.]
Note: The services available on the DMZ can be placed on a single server. If this is done, you must configure NAT accordingly.
The solution does not configure NAT on the WAN interface (connection to the Internet). This eliminates problems with protocols that are not supported by the router’s NAT implementation.
4.1 IP Address Assignment
The servers on the DMZ network have been assigned official public IP addresses. NAT is not required for these addresses. The secure private LAN consists of two networks, 89.20.0.0 and 90.2.0.0, which are official public IP addresses. You must use NAT to translate these addresses to private IP addresses.
Note: The first and last IP address in the range provided by the ISP must not be used for devices. The WAN connection to the Internet must be configured as unnumbered.
4.2 Static Routing Setup
Configure static routing as follows:
∙ Configure static routing on the Internet connection, LAN1, and LAN2. This is done in Advanced Setup by setting the Routing Protocol parameter to None/Static.
∙ Define a static route on the WAN interface to the Internet. Use the default static route setting (network address of 0.0.0.0 and network mask of 0.0.0.0) as shown in the example below.
Version 1.0