As stated earlier, our DMZ implementation uses a router that provides the NAT and the ACLs that make up the DMZ.
The final configuration of the DMZ router is listed below:
rt_dmz#show run
Building configuration...
Current configuration : 1344 bytes
version 12.4
........ omitted ......
hostname rt_dmz
ip inspect name dmz http audit-trail on
interface FastEthernet0/0
 ip address 192.168.0.254 255.255.255.0
 ip access-group rede_interna in
 ip inspect dmz in
interface FastEthernet0/1
 ip address 190.16.1.2 255.255.255.252
 ip access-group dmz in
interface Serial0/0/0
 ip address 190.16.2.1 255.255.255.252
 ip access-group rede_externa in
 ip inspect dmz in
 clock rate 2000000
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip access-list extended rede_interna
 permit tcp any any eq www
 permit icmp any any
 deny ip any any
ip access-list extended dmz
 permit icmp any host 192.168.0.1
 deny ip any any
ip access-list extended rede_externa
 permit tcp any host 190.16.1.1 eq www
 permit icmp any host 192.168.0.1 echo-reply
logging 190.16.1.1
end
rt_dmz#
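The sketch below is an added example, not part of the original article or of any Cisco tooling: it replays the three ACLs from the listing with first-match semantics and the implicit deny that closes every IOS access list, so the policy can be checked packet by packet. It models only the static ACL entries (not ip inspect or NAT), and the sample packets, including the address 203.0.113.10, are constructed.

```python
import ipaddress

# ACL entries transcribed from the listing above:
# (action, protocol, source, destination, dest port, ICMP type); None = not checked
ACLS = {
    "rede_interna": [
        ("permit", "tcp", "any", "any", 80, None),   # eq www
        ("permit", "icmp", "any", "any", None, None),
        ("deny", "ip", "any", "any", None, None),
    ],
    "dmz": [
        ("permit", "icmp", "any", "192.168.0.1", None, None),
        ("deny", "ip", "any", "any", None, None),
    ],
    "rede_externa": [   # no explicit deny: the implicit one applies
        ("permit", "tcp", "any", "190.16.1.1", 80, None),
        ("permit", "icmp", "any", "192.168.0.1", None, "echo-reply"),
    ],
}

def addr_matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(spec) == ipaddress.ip_address(addr)

def evaluate(acl, proto, src, dst, dport=None, icmp_type=None):
    """First match wins. Returns (action, entry number); entry 0 = implicit deny."""
    for n, (action, p, s, d, port, itype) in enumerate(ACLS[acl], start=1):
        if p not in ("ip", proto):          # "ip" matches every protocol
            continue
        if not (addr_matches(s, src) and addr_matches(d, dst)):
            continue
        if port is not None and port != dport:
            continue
        if itype is not None and itype != icmp_type:
            continue
        return action, n
    return "deny", 0

# Constructed sample packets (203.0.113.10 stands in for an Internet host)
SAMPLES = [
    ("rede_externa", "tcp", "203.0.113.10", "190.16.1.1", 80, None),
    ("rede_externa", "tcp", "203.0.113.10", "192.168.0.1", 80, None),
    ("rede_externa", "icmp", "203.0.113.10", "192.168.0.1", None, "echo"),
    ("rede_interna", "tcp", "192.168.0.1", "190.16.1.1", 22, None),
    ("dmz", "tcp", "190.16.1.1", "192.168.0.1", 80, None),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(*pkt))
```

An entry number of 0 in the result means no configured line matched and the packet fell through to the implicit deny, which is how rede_externa blocks everything except its two permits.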
A simple example of a DMZ is shown in the figure that follows.