I am trying to set up a Cisco ASA 5510 (with Plus) to act as our main firewall as well as offer us DMZ services for webservers/SSL concentrators (Citrix and Cisco CVPN3015). What we would like to do is a dual-homed DMZ, where one link is for the inside DMZ and one link is for the outside DMZ, so that the SSL concentrators and webservers can act as their own gateways. The problem is that on the outside/public DMZ, we would like to have this set up as a bridged network between the outside interface and the outside-DMZ interface. We still want to be able to filter on the outside-DMZ interface, for security reasons.
Is there a way to do this? Do I need to set up a virtual outside interface to which the outside-DMZ interface is bridged?
The problem is, when reading the documentation on transparent firewalling, it seems to apply to the entire ASA, which could cause some problems since we are NATing the inside network to the outside and utilizing the CSC-SSM module for some data filtering for the inside network.
Actually, we are using PAT as defined on the ASA, not like an IOS router with a NAT overload statement. If someone knows a better way to do NAT on an ASA like in IOS, where we NAT many inside addresses to one outside address, please let me know.
So, does anyone have any suggestions on implementing a bridged DMZ?