OVM and DMZ

We are deploying a new OVM environment and I would like to get the feedback on what the community thinks about putting the pool manager in the DMZ with the pool members....
Better yet what does the community think about putting any of the OVM components in the DMZ?
Thanks!!
Doug
Here is the Logical Flow...
DUAL ISP RUNNING BGP
------->
Cisco 5540 ASA HA (FOR NAT)
----------->
DMZ NETWORK SWITCH (FOR DMZ LB INTERFACE)
---------------->
F5 BIGIP LOAD BALANCER (FOR PAT and LB)
------------------------>
BACKEND LOAD BALANCER SWITCH (FOR HOST TRUNKING)
------------------------------>
PHYSICAL SERVERS OVM POOL MEMBERS / POOL MANAGER / OVM MANAGER
-------------------------------------->
BACKEND NETAPP NFS STORAGE OVER PRIMARY INTERFACE
Edited by: user12470398 on Jan 18, 2010 8:11 PM

user9010393 wrote:
We are deploying a new OVM environment and I would like to get the feedback on what the community thinks about putting the pool manager in the DMZ with the pool members....
Better yet what does the community think about putting any of the OVM components in the DMZ?

Several of my clients run Oracle VM Servers in their DMZ. In that scenario, I recommend that Dom0 not be connected to the DMZ, i.e. it has no IP address on that network. Rather, the Dom0 and Oracle VM Manager are on a dedicated management network that has no access inbound from the Internet. The DomUs should be connected to DMZ-facing bridges. I would not run Oracle VM Manager in the DMZ. All communication from the Manager to the OVS servers is initiated by the Manager itself, so that can be inside your network.
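
One way to check the recommendation in the reply above (Dom0 has no IP address on the DMZ, only on the management network), as an added example that is not part of the original thread. It parses `ip -o -4 addr show` output taken on a Dom0; the bridge names, subnets and sample output are constructed assumptions.

```python
import ipaddress

# Constructed samples of `ip -o -4 addr show` output (not from the thread).
# A bridge without an IPv4 address does not appear in this output at all.
SAMPLE_COMPLIANT = """\
1: lo    inet 127.0.0.1/8 scope host lo
5: xenbr0    inet 10.20.0.11/24 brd 10.20.0.255 scope global xenbr0
"""
SAMPLE_EXPOSED = """\
1: lo    inet 127.0.0.1/8 scope host lo
5: xenbr0    inet 10.20.0.11/24 brd 10.20.0.255 scope global xenbr0
7: xenbr1    inet 192.0.2.21/24 brd 192.0.2.255 scope global xenbr1
8: eth2    inet 192.0.2.40/24 brd 192.0.2.255 scope global eth2
9: eth3    inet 172.16.5.4/24 brd 172.16.5.255 scope global eth3
"""

# Assumed site layout: xenbr1 carries the DomU traffic towards the DMZ,
# 192.0.2.0/24 is the DMZ subnet, 10.20.0.0/24 the management network.
DMZ_BRIDGES = {"xenbr1"}
DMZ_NETS = ["192.0.2.0/24"]
MGMT_NETS = ["10.20.0.0/24"]


def dom0_ipv4(ip_addr_output):
    """Return [(interface, IPv4Interface)] from `ip -o -4 addr show` output."""
    found = []
    for line in ip_addr_output.splitlines():
        fields = line.split()
        if "inet" not in fields:
            continue
        iface = fields[1].rstrip(":")
        addr = ipaddress.ip_interface(fields[fields.index("inet") + 1])
        found.append((iface, addr))
    return found


def check_dom0(ip_addr_output, dmz_bridges, dmz_nets, mgmt_nets):
    """List violations of: Dom0 has no address on the DMZ, only on management."""
    dmz = [ipaddress.ip_network(n) for n in dmz_nets]
    mgmt = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for iface, addr in dom0_ipv4(ip_addr_output):
        if addr.ip.is_loopback:
            continue
        if iface in dmz_bridges:
            findings.append((iface, str(addr), "Dom0 address on DMZ-facing bridge"))
        elif any(addr.ip in net for net in dmz):
            findings.append((iface, str(addr), "Dom0 address inside DMZ subnet"))
        elif not any(addr.ip in net for net in mgmt):
            findings.append((iface, str(addr), "Dom0 address outside management network"))
    return findings


if __name__ == "__main__":
    for name, sample in (("compliant", SAMPLE_COMPLIANT), ("exposed", SAMPLE_EXPOSED)):
        print(name, check_dom0(sample, DMZ_BRIDGES, DMZ_NETS, MGMT_NETS))
```

The check covers IPv4 only; the same logic applies to `ip -o -6 addr show` output if the Dom0 has IPv6 enabled.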

Similar Messages

  • Workgroup and DMZ clients

    Hello Folks,
    We have some workgroup computers and DMZ servers to manage. We followed the procedure below to install the client agent on a workgroup computer:
    1. Enabled WMI and Filesharing in client machine.
    2. Copied client agent folder on Workgroup machine and manually installed Agent with command line arguments.
    3. Then approved the client machine in console and the policies started flowing into client machine.
    4. But we are unable to deploy application to this PC.
    Below are the errors we are receiving in CCM log from Primary site server.
    ---> Attempting to connect to administrative share '\\<ComputerName>\admin$' using account 'Domain\NAA' SMS_CLIENT_CONFIG_MANAGER 12/02/2015 11:41:52 7464 (0x1D28)
    ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account Domain\NAA (00000035) SMS_CLIENT_CONFIG_MANAGER 12/02/2015 11:41:52 7464 (0x1D28)
    ---> The device QVMTEST12 does not exist on the network. Giving up SMS_CLIENT_CONFIG_MANAGER 12/02/2015 11:41:52 7464 (0x1D28)
    ---> ERROR: Unable to access target machine for request: "2097152160", machine name: "QVMTEST12",  access denied or invalid network path. SMS_CLIENT_CONFIG_MANAGER 12/02/2015 11:41:52 7464 (0x1D28)
    Execute query exec [sp_CP_SetLastErrorCode] 2097152160, 53 SMS_CLIENT_CONFIG_MANAGER 12/02/2015 11:41:52 7464 (0x1D28)
    Applications which we deploy is showing up in Software Center. But if we click Install the below error comes in:
    Is there any other configuration which I need to do or enable for Workgroup computer support. Please help.
    V I S H N U

    Hi,
    Please check the article for the ports used by SCCM.
    https://technet.microsoft.com/en-us/library/hh427328.aspx
    Best Regards,
    Joyce

  • WSUS - SSL and DMZ servers - 0x80072f8f

    Hello,
    First of all, sorry for my English.
    I've got error 0x80072F8F when I try to use WSUS (that is in the internal network) on my DMZ's servers.
    Wsus server is a Wsus 3.0 SP1 on Windows 2003 (SSL enabled on port 8531)
    DMZ's servers are Windows 2008 R2
    1 - I have installed the root certificate of my PKI on the trust root certificate store of the DMZ's servers
    2 - I have modified the Hosts file of the DMZ's servers for name resolution of the internal WSUS server therefore the wsus web certificate subject match the Wsus URL of the DMZ's servers.
    3 - I created firewall rule for open the communications on port 8531 between DMZ's servers and Wsus server
    4 -I created firewall rule for the download of the Certificate revocation list (of the WSUS certificate) by the DMZ's servers
    5 - I am able to download
    https://wsusserver/selfupdate/wuident.cab and there is no certificate error
    6 - I am able to download the CRL of the WSUS certificate
    7 - There is no time difference between Wsus server and DMZ's servers
    But after all that, when I run a 'wuauclt /detectnow' the DMZ's servers fail on the SelfUpdate check with error 0x80072F8F
    Does anyone have an idea?
    WindowsUpdate.log :
    WARNING: Send failed with hr = 80072f8f.
    WARNING: SendRequest failed with hr = 80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    WARNING: WinHttp: SendRequestUsingProxy failed for <https://WSUSserver:8531/selfupdate/wuident.cab>. error 0x80072f8f
    WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072f8f
    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072f8f
    FATAL: SelfUpdate check failed, err = 0x80072F8F

    Wsus server is a Wsus 3.0 SP1 on Windows 2003 (SSL enabled on port 8531)
    The first step here is to either properly identify the actual version of WSUS in use, or to apply all of the required patches.
    5 - I am able to download
    https://wsusserver/selfupdate/wuident.cab and there is no certificate error
    WARNING: WinHttp: SendRequestUsingProxy failed for <https://WSUSserver:8531/selfupdate/wuident.cab>. error 0x80072f8f
    The second problem here is that SSL should *NOT* be used on the /selfupdate v-dir, so it seems that you have not properly configured the WSUS SSL implementation. Please refer to Secure WSUS with the Secure Sockets Layer Protocol for the proper procedures.
    Note also that there is a known issue with the April Update for Win8.1/WS2012R2 and WSUS SSL environments, so if you have Win8.1/WS2012R2 systems, since installing the update is fundamentally required, you should consider deferring the implementation of SSL on WSUS until the patch for that issue is released.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Port forwarding and DMZ refuses to work properly on WRT54G wireless router.

    I have a network setup on the wireless WRT54G version 8 (with latest firmware) router and port forwarding and DMZ refuse to work correctly. I'm trying to use bittorrent and connect my xbox360 to my computer and neither work properly even after setting up port forwarding in the "Applications and Gaming" tab.
    here's a screenshot of my port forwarding page:
    http://img205.imageshack.us/img205/1497/linksysbg2.jpg
    here's a screenshot of the DMZ page (my computer's IP ends in 102 obviously):
    http://img510.imageshack.us/img510/2131/linksys1rf5.jpg
    Now, I've experienced this type of problem before. On a different Linksys router a year or two back I remember the DMZ never working on that one either, and I eventually had to buy a D-Link router which worked perfectly. I'm only using this wireless router because it's my roommate's and he brought it up. Somebody please explain to me why this isn't working correctly. I am becoming more and more frustrated as I lose faith in Linksys routers. Thanks

    Did you try upgrading the firmware on the router??
    Also after upgrade reset & reconfigure the router for few seconds ... so that the firmware works properly for longer time ....

  • RV042(G) PPPoe and DMZ how it works

    There is some information about RV042(G) PPPoE and DMZ which is not documented and not even published in the community forum:
    How does the DMZ work if WAN1 is configured as a PPPoE (e.g. ADSL) uplink port with dynamic address, gateway and DNS assignment (and WAN 2 is configured for DMZ)?
    Does the DMZ port get PPPoE pass-through to the WAN1 uplink port?
    Is the DMZ port behind a PPP stack?
    Is the DMZ port behind a NAT?
    I think the DMZ port is not behind a firewall.
    How do I configure the DMZ port with a static address if the uplink WAN port has a dynamic address?
    How do I configure the DMZ port with a static address if the uplink WAN port has only one dynamic address (assigned at authentication), not a whole address range?
    How does the operation above change if WAN1 is configured for a direct Ethernet connection with DHCP address assignment (and WAN 2 is configured for DMZ)?
    Can anybody explain this for us? Thanks for any authentic answer.

    Any data alongside the TM backups on the same volume cannot be backed up. To backup data that resides on the same physical disk spindle as TM backups you MUST separate the data to be backed up from the TM backups. This can be done by partitioning the disk into two pieces. Volume1/partition-1 can be "Time Machine Backups" and Volume2/partition-2 can be for your other data.
    In the TM Pref panel's Options... tab, simply ensure Volume2/partition-2 is not in the exclusion list.

  • Public,pvt and dmz nodes

    Hi..
    I would like to know the difference between Public, Private and DMZ nodes. By logging in to the server, how can we find out which of the above three it is?
    My understanding is that a Public node is accessible to all, while private and DMZ nodes are limited to a particular set of people or a geography.
    How many public, pvt and DMZ nodes can we have in E-Business Suite? (I guess the number is not defined, and we can have as many as we want.)
    Thx

    Hi,
    You would be better off configuring the public IP address on the "outside" interface of the ASA5505.
    By default you will have some Vlan interface which has all the IP address configurations under it. That Vlan is then attached to some interface. In your case it seems to be the Ethernet0 port.
    With the public IP address configured on the "outside" interface you could then use port forwarding to forward the Web service to the DMZ server.
    Here's an example configuration:
    interface Vlan2
     description OUTSIDE
     nameif outside
     security-level 0
     ip add 1.1.1.1 255.255.255.252
    interface Vlan1
     description INSIDE
     nameif inside
     security-level 100
     ip add 10.10.10.1 255.255.255.0
    interface Vlan10
     no forward interface Vlan1
     description DMZ
     nameif dmz
     security-level 50
     ip add 192.168.10.1 255.255.255.0
    object network WEB-SERVER
     host 192.168.10.10
     nat (dmz,outside) static interface service tcp 80 80
    access-list OUTSIDE-IN permit tcp any object WEB-SERVER eq 80
    access-group OUTSIDE-IN in interface outside
    The above configuration is meant to illustrate:
    - The "outside", "inside" and "dmz" interfaces.
    - The "dmz" interface is configured with the "no forward interface Vlan1" configuration, as that is the only way to activate a third Vlan interface on an ASA5505 with only a Base License. This will prevent a "dmz" host from opening a connection to "inside". Notice though that an "inside" host can still open a connection towards the "dmz".
    - A Static PAT or Port Forward configuration between "outside" and "dmz", which gives the DMZ server 192.168.10.10 visibility to the Internet using the "outside" interface public IP address. The only service forwarded to the "dmz" server is TCP/80/www.
    - OUTSIDE-IN is the access-list attached to the "outside" interface to allow Web traffic from any source address to the DMZ server.
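
An added example, not code from the original reply: a small audit of the configuration above that compares what the OUTSIDE-IN access-list permits with what static PAT actually publishes, and confirms the `no forward interface` restriction on the DMZ Vlan. It parses only the statement forms shown in the reply; the `eq 22` line in the sample is an extra rule constructed here to produce a finding.

```python
import re

# Constructed input: the reply's configuration (descriptions omitted) plus one
# extra ACL line for tcp/22 that is NOT in the reply, added to show a finding.
SAMPLE_CONFIG = """\
interface Vlan2
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.252
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
interface Vlan10
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.10.1 255.255.255.0
object network WEB-SERVER
 host 192.168.10.10
 nat (dmz,outside) static interface service tcp 80 80
access-list OUTSIDE-IN permit tcp any object WEB-SERVER eq 80
access-list OUTSIDE-IN permit tcp any object WEB-SERVER eq 22
access-group OUTSIDE-IN in interface outside
"""

NAT_RE = re.compile(r"nat \((\w+),(\w+)\) static interface service (tcp|udp) (\d+) (\d+)$")
ACL_RE = re.compile(r"access-list (\S+) permit (tcp|udp) any object (\S+) eq (\d+)$")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)$")


def parse_asa(config):
    """Parse only the statement forms used in the sample; not a full ASA grammar."""
    cfg = {"ifaces": {}, "objects": {}, "acls": {}, "groups": {}}
    block = None  # interface or object block currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # a top-level statement opens or ends a block
            block = None
            words = line.split()
            if words[0] == "interface":
                block = cfg["ifaces"].setdefault(words[1], {"no_forward": set()})
            elif words[:2] == ["object", "network"]:
                block = cfg["objects"].setdefault(words[2], {"pats": []})
            elif (m := ACL_RE.match(line)):
                cfg["acls"].setdefault(m[1], []).append((m[2], m[3], int(m[4])))
            elif (m := GROUP_RE.match(line)):
                cfg["groups"][m[2]] = m[1]  # nameif -> ACL applied inbound
        elif block is not None:
            if line.startswith("nameif "):
                block["nameif"] = line.split()[1]
            elif line.startswith("security-level "):
                block["level"] = int(line.split()[1])
            elif line.startswith("no forward interface "):
                block["no_forward"].add(line.split()[3])
            elif line.startswith("host "):
                block["host"] = line.split()[1]
            elif (m := NAT_RE.match(line)):
                # Object NAT order is: service <proto> <real_port> <mapped_port>
                block["pats"].append({"real_if": m[1], "mapped_if": m[2], "proto": m[3],
                                      "real_port": int(m[4]), "mapped_port": int(m[5])})
    return cfg


def audit_exposure(cfg, outside="outside", dmz="dmz", inside="inside"):
    """Compare what the outside ACL permits with what static PAT publishes."""
    by_name = {i["nameif"]: (vlan, i) for vlan, i in cfg["ifaces"].items() if "nameif" in i}
    permits = set(cfg["acls"].get(cfg["groups"].get(outside, ""), []))
    published = {(p["proto"], name, p["real_port"])
                 for name, obj in cfg["objects"].items()
                 for p in obj["pats"] if p["mapped_if"] == outside}
    inside_vlan = by_name[inside][0]
    return {
        "reachable": sorted(permits & published),            # published and permitted
        "permit_without_pat": sorted(permits - published),   # rule wider than the PAT
        "pat_without_permit": sorted(published - permits),   # published but blocked
        "dmz_cannot_initiate_to_inside": inside_vlan in by_name[dmz][1]["no_forward"],
        "levels": {name: i["level"] for name, (_, i) in by_name.items()},
    }


if __name__ == "__main__":
    for key, value in audit_exposure(parse_asa(SAMPLE_CONFIG)).items():
        print(f"{key}: {value}")
```

A non-empty `permit_without_pat` list points at access-list entries that allow more than the port forward exposes and are candidates for removal.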

  • Static NAT refresh and best practice with inside and DMZ

    I've been out of the firewall game for a while and now have been re-tasked with some configuration, both updating ASAs to 8.4 and making some new services available. So I've dug into refreshing my knowledge of NAT operation and have a question based on best practice and would like a sanity check.
    This is very basic, I apologize in advance. I just need the cobwebs dusted off.
    The scenario is this: If I have an SQL server on an inside network that a DMZ host needs access to, is it best to present the inside (SQL server in this example) IP via static to the DMZ or the DMZ (SQL client in this example) with static to the inside?
    I think it's to present the higher security resource into the lower security network. For example, when a service from the DMZ is made available to the outside/public, the real IP from the higher security interface is mapped to the lower.
    So I would think the same would apply to the inside/DMZ, making 'static (inside,dmz)' the 'proper' method for the pre 8.3 and this for 8.3 and up:
    object network insideSQLIP
     host xx.xx.xx.xx
     nat (inside,dmz) static yy.yy.yy.yy
    Am I on the right track?

    Hello Rgnelson,
    It is not related to the security level of the zone, instead, it is how should the behavior be, what I mean is, for
    nat (inside,dmz) static yy.yy.yy.yy
    - Any traffic hitting translated address yy.yy.yy.yy on the dmz zone should be re-directed to the host xx.xx.xx.xx on the inside interface.
    - Traffic initiated from the real host xx.xx.xx.xx should be translated to yy.yy.yy.yy if the hosts accesses any resources on the DMZ Interface.
    If you reverse it to (dmz,inside) the behavior will be reversed as well, so If you need to translate the address from the DMZ interface going to the inside interface you should use the (dmz,inside).
    For your case I would say what is common, since the server is in the INSIDE zone, you should configure
    object network insideSQLIP
     host xx.xx.xx.xx
     nat (inside,dmz) static yy.yy.yy.yy
    At this time, users from the DMZ zone will be able to access the server using the yy.yy.yy.yy IP Address.
    HTH
    AMatahen

  • OVM and OCFS2 1.6

    Ok, this question may be a little complicated so I'll start by explaining what I'm trying to achieve.
    I have 3 OVM 2.2.1 servers in 1 Server pool running OCFS2 on an EMC SAN.
    I also have an Oracle Enterprise Linux server which connects to the same ocfs2 cluster for performing backups of the VMs.
    Currently I have to pause all VMS and backup the shared storage in order to backup all of my VMs.
    I would like to use reflink so I can do this without pausing them.
    Can I achieve this by
    1 upgrading all OVM servers and my OEL Server to OCFS2 1.6 or is the Kernel upgrade not supported in OVM 2.2.1
    or
    2 Upgrading my OEL server to OCFS2 1.6 and doing the reflinks there, but leave the OVM machines on 1.4 as the doco states the 1.4 and 1.6 are compatible with one another.
    Thanks in advance

    Hi,
    unfortunately OCFS2 1.6 is not yet supported on OVM 2.2.1.
    I am waiting all day that Oracle will finally release OVM 3.0, which will incorporate the new OCFS2 1.6 with all its functions.
    This would also resolve your problem then...
    Regarding your second option, I don't know if this will work. But it seems the only solution you have right now...
    Sebastian

  • ConfigMgr 2012 R2 and DMZ Questions

    I am working with a client whose security team has been a challenge.  They do not want to open any of the RPC Dynamic Range ports needed for communication between certain roles on the Primary Site server and a server they want setup in one of their DMZ's.
    They have a domain in the DMZ and all devices are a member of that domain.  We successfully setup a management point but can't publish since the ports from the primary site server to a DC in the DMZ are not open.  We placed a DNS service locator record in the DMZ and when we manually install the clients add the DNSSUFFIX and point to the MP in the DMZ.  The clients are reporting at this point.  However, they are not getting any software updates since the DP can't install and we don't allow failover to any other DP.
    The client has said that there has to be other solutions.  The solution we are using isn't best practice I know that.
    I guess there are three solutions here, correct?
    1.  Open DMZ site ports for clients to communicate only to ConfigMgr Server.  (Not secure)
    2.  Keep current design of MP/DP/SUP in DMZ?
    3.  Put a secondary site in DMZ?
    I have two questions about 2 and 3.  Why should we add the SUP?  Shouldn't the client talk to the Management Point and the management point sends the request to the SUP on the ConfigMgr?   So can't we ditch that extra SUP?  
    Also, even if we put a secondary site in the DMZ, we will still run into port issues since the client is refusing to open RPC Dynamic port ranges?
    Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

    Yes 3 is out ConfigMgr wise.
    I would not call 1 insecure though. Open ports are not insecure, that's a myth perpetuated by those who don't know what a port is. Network security is about controlling the traffic and securing the endpoints. Ultimately, that may be a battle you won't win though because of political reasons and the perpetuation of myths in network security and the purpose of DMZs.
    Option 2 is what most/nearly all folks go with. If one port is open, you may as well open them all because security wise there is no true difference so any resistance here is ignorance. As long as the traffic is confined to a single endpoint, the port its using makes no difference and the level of security comes down to, as mentioned, the security posture and controls in place on that endpoint itself -- who cares that the traffic has a data field set to 80 or 443 or 1024 as long as the target is well controlled, "secured", and monitored.
    There ultimately aren't any other ways (besides 1 and 2) to accomplish this using only ConfigMgr proper. The ports required are well documented on TechNet so there's no magic to make these go away.
    Another architectural solution however is to use reverse proxy. This is a twist on choice 1 except that all client traffic passes through the reverse proxy instead to reach the internal site systems.
    Jason | http://blog.configmgrftw.com

  • BO 3.1 SP3 and DMZ Deployment

    We are using BusinessObjects 3.1 SP3 for Internal use. We are scaling our system and now we have a requirement where BO reports should be accessible to External users. New Infrastructure will look like: External User --> Firewall --> DMZ --> Firewall --> Internal Network --> BO web server --> BO App server
    1. What is the best practice in deploying BO in DMZ?
    2. What are the licensing agreement if we build new BO web server and put that in DMZ?
    If someone have implemented same model before please share your experience and security risk involved?
    Cheers, Prateek

    Excel 2010 is not supported by BO XI 3. It is possible in BO XI 4.0. You can try what Gowtam Allu said, but I am not sure if it works.
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/4079f8f6-2b49-2d10-d790-bc596012dc25?quicklink=index&overridelayout=true

  • Poor disk io throughput on OVM and guest VM

    We are using DELL R720 with H710 raid controller.
    A weird problem about the disk io was discovered during tests.
    We found that the disk throughput on VM server (OVS repo) and VM guest is only about 1/3 of the physical server, around only 50M/s.
    We are trying to compare disk io write with a simple dd instruction on the following environments with the same hardware.
    The test cases are:
    (H710, 2T 7200rpm * 8 configured with RAID10 as two virtual disks, first for ovm, second for OVS repo)
    1. Centos 6 installed directly
    2. OVM 3.2.1, sda
    3. OVM 3.2.1, /dev/mapper/36848f690ec834b0018df77d30704a452 (used by OVS repo)
    4. Guest vm Oracle Linux 6.0 on OVM 3.2.1,pvm (using local physical disk as OVS repository)
    The result is:
    1.Centos 6 installed directly
    dd if=/dev/zero of=~/a.out bs=16k count=20000 oflag=direct
    20000+0 records in
    20000+0 records out
    327680000 bytes (328 MB) copied, 1.85022 s, 177 MB/s
    2. OVM 3.2.1, sda
    dd if=/dev/zero of=~/a.out bs=16k count=20000 oflag=direct
    20000+0 records in
    20000+0 records out
    327680000 bytes (328 MB) copied, 2.5659 seconds, 128 MB/s
    3.OVM 3.2.1, /dev/mapper/36848f690ec834b0018df77d30704a452
    dd if=/dev/zero of=/OVS/Repositories/0004fb00000300000102bf00d2adeb8a/a.out bs=16k count=10000 oflag=direct
    10000+0 records in
    10000+0 records out
    163840000 bytes (164 MB) copied, 3.00933 seconds, 54.4 MB/s
    4. Guest vm Oracle Linux 6.0 on OVM 3.2.1,pvm
    dd if=/dev/zero of=~/a.out bs=16k count=20000 oflag=direct
    20000+0 records in
    20000+0 records out
    327680000 bytes (328 MB) copied, 7.60928 s, 43.1 MB/s
    We can see that on pure Centos 6 we got the reasonable disk io, on OVM sda the score is slower but still acceptable.
    But on OVM disk and guest VM, we saw a big drop.
    An interesting thing is: I have 3 guest vms on this vm server, and when I run the same dd command simultaneously on 3 guest vms, I can still get the same score. Adding them together we get a 120+ MB/s throughput.
    I guess the reason might be that OVS puts an io threshold on both OVS and each vm on it to make sure no single vm can drain all disk io, in order to preserve some for other vms?
    I plan to use mongo db on the guest vm if the io is close to the real machine, could anyone please help me improve the disk io ?
    thanks a lot!
    Edited by: user12945979 on 2013-5-1 9:21 AM
    Edited by: user12945979 on 2013-5-3 5:10 AM
    Edited by: user12945979 on 2013-5-3 5:14 AM

    Thanks for your advice,
    I ran the tests below against the physical server (Centos6) and the Oracle vm guest server (OL6,pvm).
    fio -filename=/srv/test.out -direct=1 -rw=randwrite -bs=4k -size=2g -numjobs=8 -runtime=60 -group_reporting -name=test
    fio -filename=/srv/test.out -direct=1 -rw=randread -bs=4k -size=2g -numjobs=8 -runtime=60 -group_reporting -name=test
    fio -filename=/srv/test.out -direct=1 -rw=randrw -bs=4k -size=2g -numjobs=8 -runtime=60 -group_reporting -name=test
    fio -filename=/srv/test.out -direct=1 -rw=read -bs=4k -size=2g -numjobs=8 -runtime=60 -group_reporting -name=test
    fio -filename=/srv/test.out -direct=1 -rw=write -bs=4k -size=2g -numjobs=8 -runtime=60 -group_reporting -name=test
    fio -filename=/srv/test.out -direct=1 -rw=read -bs=4k -size=2g -numjobs=8 -runtime=60 -group_reporting -name=test
    fio version is 2.0.13
    The results show random read on VM guest matches about 60% of physical server, and random write about 90%.
    But sequential read only counts about 42% and write 35%.
    I am not sure if the big drop on sequential read/write performance is reasonable. Maybe I did something wrong ?
    Test                Metric             Physical     VM guest
    randwrite(4k,60s)   write iops         2385         2114
                        bw(k)              9542         8456
    randread(4k,60s)    read iops          1455         838
                        br                 5822         3352
    randrw(4k,60s)      read/write iops    791/794      569/565
                        b r/w              3167/3176    2278/2260
    write(4k,60s)       write iops         14465        5114
                        bw(k)              57864        20457
    read(4k,60s)        read iops          48870        20985
                        br                 195483       83940
    Edited by: user12945979 on 2013-5-3 5:16 AM

  • IChat and DMZ

    Greetings.
    After months of not being able to chat with my wife and children through iChat, I have found a partial solution that I would like to share with you. At the same time I would like to ask for your help, in hope that the problem can be solved completely.
    My problem (and every other iChat user's - apparently) was that when I called anyone at home (using iChat) from outside, I was getting an "user did not respond" message.
    I read much about this problem on this forum and elsewhere in the Internet, but none of the solutions proposed worked (to make things worse, I have a very limited knowledge of what I was doing: - port forwarding???).
    But recently I came across a couple of postings that seemed to point in the direction of something called DMZ. Happily, after playing with this setting for a while, I am now able to iChat with my wife consistently.
    What did I do? Originally I had set DMZ (enabled) with the LAN address of the router 10.0.1.1. Instead, I configured DMZ with the address of my wife's computer. And it worked!
    This is my setup:
    1 ADSL Router (Zoom Zoom X5v 5565 - NAT enabled, DHCP enabled, DMZ enabled, no ports forwarded)
    1 Airport Extreme Base (NAT disabled, no ports forwarded)
    1 iBook, 2 iMacs (IP address set manually, all running OS X 10.4.6, connected through Airport)
    My question: Putting my wife's LAN address on the DMZ configuration means that her computer is the only one I can iChat to. Obviously I would like to be able to talk to the other computers too!
    I have tried to use the Router IP address and the Airport Base address instead, to no avail. I have also tried to disable DMZ, again with no success.
    Any ideas?
    Kind regards from Spain.
      Mac OS X (10.4.6)   iChat and Airport

    Hi Manuel,
    Welcome to the Apple Discussions.
    Ok, the way you have your devices set up you have DMZ from the modem to one computer on the LAN through the Airport which is not doing NAT or DHCP.
    With some changes you can have the modem not doing DHCP and the Airport asking for a Static IP from the modem. The Airport can then do DHCP and NAT to the computers beyond this.
    Even better will be if your modem is logging on to the ISP with PPPoE as you can ask the Airport to do this then there is no problems with NAT.
    DMZ is an extreme form of Port Forwarding and uses NAT.
    The things to avoid are two lots of DHCP and two lots of NAT.
    This Page at PortForward.com is not the exact model you have but should give you some idea of the set up pages of the modem.
    I can not see that this device in the pics has UPnP and it definitely does not have Port Triggering that would ideally allow connection to multiple computers. It might be that your device does have UPnP, being a different model or possibly different firmware from the link I gave.
    DMZ does in fact open all ports and protocols to one computer.
    Port Forwarding the correct ports to the same IP would limit the ports that are open.
    The ports shown on the Port Forward site are in fact wrong at the moment.
    You should use the ones listed here http://www.ralphjohnsuk.dsl.pipex.com/page4.html You do not have to set them in the Mac firewall but the same 29 ports needs to be set in the modem. The method of setting them can be used from the Port Forward page.
    11:08 PM Thursday; June 22, 2006

  • JMS and DMZ

    Hi there,
    I would like to write an application with JMS API that send messages from web server to an app server. The thing is that web servers are in the DMZ and only HTTP protocol can go through the firewall instead of JMS. Could anyone give out some suggestions to solve the problem?
    James

    Hi,
    Alternatively you can use JMS over http or https. Several JMS providers offer http transport: ArjunaMS, SonicMQ, FioranoMQ, etc..
    Hope it helps
    Arnaud
    www.arjuna.com

  • EIGRP and DMZ distribution - Cisco ASA

    I have been able to get EIGRP  working successfully in the lab like I want.
    Attached is the network overview:
    We have a Data Center and Corporate office connected via Point to Point Fiber link, eventually we will have two of these
    Two 4948E switches in the Data center acting as cores setup with GLBP
    Corporate Office has a 3750X acting as a core
    Currently two 4948E's are connected to each other via Port Channel and a L2 trunk
    Two set of ASA 5520's one acting as a firewall and for Cisco Any Connect and second for site to site VPN
    What is the best way/practice that I can distribute this DMZ via EIGRP?  Should I just leave it static on the core like this?
    DMZ Net = 192.168.150.0/24
    Inside Interface = 192.168.200.255
    On the core I create a static route "ip route 192.168.150.0 255.255.255.0 192.168.200.255".  Or a statement like this would be better for future DMZ additions "ip route 0.0.0.0 0.0.0.0 192.168.200.255"?

    Hello Mohammad,
    I would recommend you to advertise them via EIGRP, better functionality, scalability, etc, etc, etc.
    Regards

  • RV042G - PPPoE and DMZ Range

    Is there anybody at Cisco that could escalate a change in the firmware with engineering?  I have called, emailed, posted on this forum, etc., about this and have been told it would be sent to engineering and I have never heard anything further.
    The issue is:  I have a DSL business account that connects using PPPoE.  I have a /29 IP block that is routed through that connection.  When I set WAN 1 to PPPoE, I can't set a range in DMZ.  It REQUIRES a Static IP on WAN 1.  If I set the DMZ range and then change the WAN 1 back to PPPoE, it will connect and it does work, however I can't trust it since there is a check in the firmware.  I would be willing to beta test this if I could get someone to assist in getting the change made to the firmware.
    I think this would be a simple change to a router that could be a big deal.  There are tons of small businesses that are going this route and there aren't a lot of routers that will accommodate this without spending a ton of money.
    ANY help would be appreciated!!

    Cindy - Thanks for your continued interest in helping me solve this.  It seems to be a relatively simple change to make. Not requiring that WAN 1 have a Static IP when the DMZ is set to an IP range would solve the issue.  PPPoE static accounts will route multiple public IPs through a WAN connection so it isn't necessary to always have a Static IP type.  I know you are attempting to simplify the interface for novices, but there needs to be an expert mode that allows people who know what they are doing to not be frustrated.
    Sadly, I have a list of ticket numbers and I am not sure which one was for this issue.  It should be under my username sp1152211811 and it would be the last one.  The call was made 3-4 months ago and the tech indicated he would escalate. I also emailed a support engineer - who had sent me the RV042G and told me it would work - and explained the issue.  He told me to call and put a ticket in which I did.  I should have written down the badge number of the tech.  He acted like he thought it was a great idea and the RV042G should have worked that way to start with.
    Last night I switched to a TP-Link router, however I am open to going back to the RV042G if this issue could be resolved.
