DMZ Implementation
------------------
The District network will include a Demilitarized Zone (DMZ). The DMZ 
will contain all Internet-accessible servers (e.g. mail server, file 
server, etc.). 
Additionally, each school will have its own local mail, file, and proxy
servers (as well as any other servers the school wishes to implement).
All local school traffic leaving or entering the school's network must 
do so via these servers, giving greater administrative control over 
acceptable content, as well as superior security.

Equipment
---------
DMZ Switch: DGS-1008TL - $369.00*

Firewalls: Cisco-3661AC - $28298.49*

Diagram
-------

ACLs
----

External Firewall:

!
! Internet-facing interface
interface serial 0
ip address 172.155.27.61 255.255.255.0
ip access-group 101 in
ip access-group 102 out
!
! ACL 101: inbound from the Internet, only the published DMZ services
access-list 101 permit tcp any host 10.0.1.4 eq 80
access-list 101 permit tcp any host 10.0.1.4 eq 53
access-list 101 permit tcp any host 10.0.1.5 eq 25
access-list 101 permit tcp any host 10.0.1.6 eq 21
access-list 101 permit tcp any host 10.0.1.6 eq 20
access-list 101 deny ip any any
!
! ACL 102: outbound to the Internet, only TCP segments of established connections
access-list 102 permit tcp 10.0.0.0 0.255.255.255 any established
access-list 102 deny ip any any
!
! Inside interface (toward the DMZ servers)
interface ethernet 0
ip address 10.0.1.1 255.255.0.0
ip access-group 103 out
ip access-group 104 in
!
! ACL 103: toward the DMZ, same service list as ACL 101
access-list 103 permit tcp any host 10.0.1.4 eq 80
access-list 103 permit tcp any host 10.0.1.4 eq 53
access-list 103 permit tcp any host 10.0.1.5 eq 25
access-list 103 permit tcp any host 10.0.1.6 eq 21
access-list 103 permit tcp any host 10.0.1.6 eq 20
access-list 103 deny ip any any
!
! ACL 104: from the DMZ, only TCP segments of established connections
access-list 104 permit tcp 10.0.0.0 0.255.255.255 any established
access-list 104 deny ip any any


Internal Firewall:

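!
! NOTE: ethernet 0 and ethernet 1 are both addressed in 10.0.0.0/16; IOS does not
! accept overlapping subnets on two routed interfaces, so one needs its own subnet.
!
! Interface toward the DMZ servers
interface ethernet 0
ip address 10.0.1.2 255.255.0.0
ip access-group 101 out
ip access-group 102 in
!
! ACL 101: toward the DMZ, only the listed server ports
access-list 101 permit tcp any host 10.0.1.4 eq 80
access-list 101 permit tcp any host 10.0.1.4 eq 53
access-list 101 permit tcp any host 10.0.1.5 eq 25
access-list 101 permit tcp any host 10.0.1.6 eq 21
access-list 101 permit tcp any host 10.0.1.6 eq 20
access-list 101 deny ip any any
!
! ACL 102: from the DMZ, only TCP segments of established connections
access-list 102 permit tcp any 10.0.0.0 0.255.255.255 established
access-list 102 deny ip any any
!
! Interface toward the internal network
interface ethernet 1
ip address 10.0.1.3 255.255.0.0
ip access-group 103 out
ip access-group 104 in
!
! ACL 103: toward the internal network, only established TCP
access-list 103 permit tcp any 10.0.0.0 0.255.255.255 established
access-list 103 deny ip any any
!
! ACL 104: from the internal network, only the listed server ports
access-list 104 permit tcp any host 10.0.1.4 eq 80
access-list 104 permit tcp any host 10.0.1.4 eq 53
access-list 104 permit tcp any host 10.0.1.5 eq 25
access-list 104 permit tcp any host 10.0.1.6 eq 21
access-list 104 permit tcp any host 10.0.1.6 eq 20
access-list 104 deny ip any any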
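
Added example (not part of the original design): a small Python evaluator that runs constructed packets through ACL 101 and ACL 102 of the external firewall, top-down with the first match winning, to check what the lists actually admit. The source address 203.0.113.10 and the function names are assumptions made for the illustration.

```python
import ipaddress

# Rules copied from the external firewall on this page; the final entry is
# written as "deny ip any any", the valid extended-ACL form.
ACL_101 = """\
access-list 101 permit tcp any host 10.0.1.4 eq 80
access-list 101 permit tcp any host 10.0.1.4 eq 53
access-list 101 permit tcp any host 10.0.1.5 eq 25
access-list 101 permit tcp any host 10.0.1.6 eq 21
access-list 101 permit tcp any host 10.0.1.6 eq 20
access-list 101 deny ip any any
"""
ACL_102 = """\
access-list 102 permit tcp 10.0.0.0 0.255.255.255 any established
access-list 102 deny ip any any
"""

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1]), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]  # wildcard = host mask

def parse(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok[2], tok[3]
        src, rest = _addr(tok[4:])
        dst, rest = _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((line, action, proto, src, dst, port, "established" in rest))
    return rules

def evaluate(rules, proto, src, dst, dport, ack=False):
    """First matching entry wins; ack=True models a TCP segment with ACK set."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line, action, rproto, rsrc, rdst, rport, est in rules:
        if rproto not in ("ip", proto) or s not in rsrc or d not in rdst:
            continue
        if (rport is None or rport == dport) and (ack or not est):
            return action, line
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    # Constructed packets; 203.0.113.10 stands in for an Internet host.
    for pkt in [("tcp", "203.0.113.10", "10.0.1.4", 80), ("udp", "203.0.113.10", "10.0.1.4", 53)]:
        print(pkt, "->", evaluate(parse(ACL_101), *pkt))
```

A UDP DNS query to 10.0.1.4 falls through to the final deny, because the list only permits TCP port 53.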

*see semester 1 work for details