TOPIC: Question Regarding NAT and Subnets

Question Regarding NAT and Subnets 14 years 10 months ago #62

  • Mikele
  • New Member

I have a question regarding subnets. I am trying to set up NAT for a server in the firewall's DMZ so it can connect to a database server in the firewall's LAN.

This is from the firewall's manual:

"Assign a subnet mask in the DMZ Subnet Mask field. The LAN and DMZ can have the same subnet mask, but the subnets must be different. For instance, the LAN subnet can be with a subnet mask of, and the DMZ subnet can be with a subnet mask of"

I read your Subnet Masks And Their Effect article.

My questions are:

1) is fall in the network range for Class B? How can a Class B be used with Class C's default subnet mask?

2) Is it right that the DMZ and LAN should be on different Subnet/Network?

3) For hosting 3 domains on one IIS 5 server, is it right that I should configure 3 LAN IP addresses on the Windows 2000 server (with one network card) and then configure One-To-One NAT that binds 3 public IP addresses to 3 LAN IP addresses?

Thank you in advance for your help

Best Regards

Question Regarding NAT and Subnets 14 years 10 months ago #63

  • Chris
  • Administrator

Answering your questions in order:

1) the IP Address does fall into the Class B range and the default subnet mask is

The IP addresses indicated in the manual, as you posted, are clear examples to help you understand one way you can set up the machines in the DMZ zone.

The class of IP addresses you use in your DMZ or LAN zone depends on your network setup. If there is a gateway of some sort that hides the whole network from the Internet, then you're free to choose whatever class and subnet mask suits your needs, which is the case for the example you provided.

The method of using a different subnet mask other than the default is called CIDR, and is covered on this site.

Because a Class B network gives you more IP addresses than what you need, you divide that Class B network into smaller ones by using a different subnet mask. All ISPs use this method to help preserve the availability of IP addresses on the Internet, and companies now use this method for the same reason, but to preserve IP addresses within their own private network and also to make it easier to manage.

2) DMZ zones MUST be on a different subnet or network. Having them on the same defeats the purpose of their existence.
Please read the DMZ zone page for more information.

3) The simplest way to host multiple domains is to point the NS (name server) records in the DNS configuration panel of the company from which they were bought to the public IP address of the Windows 2000 server. Of course there are a few different options here... you can either point only the CNAME www records (alias) to the W2K server so the server only deals with the websites for these domains, or you can choose to move the whole DNS structure for these sites to the Win2K server, in which case you will need to set up a fully functional DNS server for these domains.

Let us know if there are certain areas which are still unclear.
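The checks discussed in this thread, as an added example that is not part of either post: it reports the classful class of a DMZ address, how many subnets of the chosen mask fit inside that classful block, and whether the LAN and DMZ networks are actually separate. The function names and all addresses are assumptions constructed for illustration; they are not the values from the firewall manual.

```python
import ipaddress

def classful(addr):
    """Return (class letter, default prefix length) from the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A", 8
    if first < 192:
        return "B", 16
    if first < 224:
        return "C", 24
    return ("D", None) if first < 240 else ("E", None)

def zone_network(addr, mask):
    """Network an interface belongs to, given its address and dotted mask."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network

def check_zones(lan, dmz):
    """lan and dmz are (address, mask) pairs; report whether they are separated."""
    lan_net, dmz_net = zone_network(*lan), zone_network(*dmz)
    cls, default_prefix = classful(dmz[0])
    report = {
        "lan": str(lan_net),
        "dmz": str(dmz_net),
        "dmz_class": cls,
        # Same mask is fine; what matters is that the networks do not overlap.
        "separate": not lan_net.overlaps(dmz_net),
        "subnets_in_classful_block": None,
    }
    # A mask longer than the class default splits the classful block into subnets.
    if default_prefix is not None and dmz_net.prefixlen >= default_prefix:
        report["subnets_in_classful_block"] = 2 ** (dmz_net.prefixlen - default_prefix)
    return report

# Constructed sample values, not the addresses from the manual quoted above.
GOOD = check_zones(("192.168.1.1", "255.255.255.0"), ("172.16.10.1", "255.255.255.0"))
# Misconfiguration: the LAN mask is so wide that the DMZ sits inside the LAN.
BAD = check_zones(("172.16.10.1", "255.255.0.0"), ("172.16.20.1", "255.255.255.0"))

if __name__ == "__main__":
    for name, result in (("good", GOOD), ("bad", BAD)):
        print(name, result)
```

The second case shows why comparing masks alone is not enough: the two zones use different masks and different-looking addresses, yet the DMZ network falls entirely inside the LAN network.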
