
Monitoring a network through a DMZ

Jun 09, 2003 (1 min)
Data Center, Security

We are a managed service provider in the pre-launch phase of managing networks and IP telephony environments.

A Web console for one of the monitoring programs lets us connect to our internal network by IP address and DNS name. We want to be able to connect to this Web console via the Internet without compromising security. We could set up a computer in the demilitarized zone (DMZ) to have Internet Information Server (IIS) running on it. Then we would have this computer somehow connected to the management server through our Cisco PIX.

Is it possible to run this IIS-configured computer on a desktop PC? How should we connect this through our PIX to be able to connect only to the management server?

The Cisco PIX can be configured to connect to the management server from the DMZ or the Internet by using static commands with conduit or access-list commands in the configuration to map an Internet-visible IP address/port combination to the internal IP address/port on your Web console server.

A good explanation is available in the document “Using nat, global, static, conduit, and access-list Commands and Port Redirection on PIX.”
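
The configuration sketch below is an added example, not part of the original column or the Cisco document. It shows the static/access-list approach in PIX 6.x syntax for the DMZ design described in the question. All addresses, ports, interface names and ACL names are constructed assumptions: 203.0.113.10 is the Internet-visible address, 192.168.100.5 the IIS host in the DMZ, 10.1.1.20 the management server, HTTPS from the Internet to IIS and HTTP from IIS to the Web console.

```cisco
! --- Internet -> DMZ: publish only TCP/443 of the IIS host ---
! Port redirection: outside 203.0.113.10:443 maps to DMZ 192.168.100.5:443.
static (dmz,outside) tcp 203.0.113.10 443 192.168.100.5 443 netmask 255.255.255.255 0 0

! Permit only that one published address/port from the Internet.
access-list outside_in permit tcp any host 203.0.113.10 eq 443
access-group outside_in in interface outside

! --- DMZ -> inside: IIS host may reach only the management server ---
! Identity static so the DMZ sees the management server at its real address.
! Only this single inside host is made reachable from the DMZ.
static (inside,dmz) 10.1.1.20 10.1.1.20 netmask 255.255.255.255 0 0

! One source host, one destination host, one port.
access-list dmz_in permit tcp host 192.168.100.5 host 10.1.1.20 eq 80
! The implicit deny at the end of the ACL blocks everything else the
! DMZ host initiates; it is written out here so the intent is visible.
access-list dmz_in deny ip any any
access-group dmz_in in interface dmz

! --- Checks after applying ---
! show static              (confirm only the two translations above exist)
! show access-list         (hit counts should rise only on the permit lines)
! show conn                (connections from the DMZ go only to 10.1.1.20:80)
```

Applying an access list to the DMZ interface also stops the DMZ host from opening connections to the Internet, so add explicit permit lines above the deny if it needs outbound access such as patch downloads. Replies to connections that were permitted inbound are handled statefully and need no extra entries.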