Wednesday, March 24, 2021

Why NAT

I’m building a new data center. We received a /27 from ATT and a /30 for point-to-point. We plan on using the /27 for the DMZ connected to the firewall. What would be a good argument to use private IPs on the DMZ servers and then NATting them? Why wouldn’t I just use the public /27 directly on the DMZ servers? By doing this we eliminate the complexity and additional config that comes with NAT on the firewall. Users from the inside can simply use the public IP of the DMZ, and the packet would use the default router to get to the firewall where the DMZ (public IP) is connected. From the internet, the traffic would use a static route on the ATT router that points to our firewall.

Do you see any reason for going with private IPs on the DMZ servers and then NATting them?


