I have a Cisco3600 as my internet gateway with one port going into a switched hub. I need to provide access to our intranet website for outside vendors. For security, I will be enabling the TCPIP filters to allow only ports 80 (HTTP, and 21 (FTP) to pass thru. I will also be enabling removing the anonymous login and enable the challenge and response authentication only for the website. A third option that I’m thinking of is running this on a DMZ, but I don’t know enough about this. I’ve been reading up on it but still have some questions. Do I need to have the server on a completely independent network or subnet than the rest of the network? Or can the zone be employed for a particular IP address such as that of the intranet server? The router only has one ethernet port so it can’t accomodate an independant zone just for that. Any thoughts?
