Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
0
Helpful
2
Replies

ASA5505 and DMZ

satoshi.takano
Level 1
Level 1

‎06-09-2007 08:00 AM - edited ‎03-11-2019 03:27 AM

I am very familiar with the PIX, but new to ASA5500's.

I have a company that is looking to have a DMZ with mail, and web servers. The connection to the Net is a T1.

In the PIX days, I have no choice but to use a 515 with DMZ.

My understanding now is that I can have this on an ASA5505 with the Security Plus option to have a DMZ.

Question:

1. Is this the right assumption that I can get an ASA5505 with Security Plus for a full DMZ?

2. How many DMZ interfaces? I really only need one and put a switch behind it

3. Does the ASA5505 allow VPN tunnels to be established to it, and also allow Internet access through the same interface? I know in the PIX, that was not allowed.

Thanks!

Labels:
0 Helpful
2 Replies 2

Rodrigo Gurriti
Level 3
Level 3

‎06-09-2007 05:02 PM

Well I know that Security Plus allow you to have dmz but i'm not 100% that you can have dmz'S.

I have an ASA5505-50-BUN-K9 running with 3 vpn tunnels all my users can use the internet at the same time with no problem.

0 Helpful

pcomeaux
Cisco Employee
Cisco Employee

‎06-10-2007 05:13 AM

Hi -

Let me try to help.

Q1 - Yes

Q2 - Security Plus license provides 20 vlan interfaces. If you use 1 for outside, 1 for inside, that leaves you 18 left to do what you'd like to. Obviously, you would need to trunk to a switch to use more vlans than the included 8 interfaces.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Q3 - Yes, so does the Pix. Both the ASA and the Pix need "same security level traffic" enabled. The ASA/Pix code denies traffic between the same security level by default, which is the case when VPN users attempt to HairPin and go back to the internet through the same interface they terminate on.

Let us know if you have follow up questions.

thxs

peter

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card