Designing Cisco ASA 5510

Unanswered Question
Apr 7th, 2008

Hi,


I'm responsible for a perimeter design with one of my customers.

The situation as I designed it is included in the attachment.


The question I have is this: I have 4 interfaces on an ASA 5510, first line of defense, and we need 2 DMZ zones. I can use 1 interface for the provider connection and 1 interface for the perimeter network. Can I use 1 interface for a redundant perimeter connection and 1 for a redundant provider connection? Or are the 2 interfaces left necessary for the DMZ connections?



Collin Clark Mon, 04/07/2008 - 09:13

It is possible, but a little messy and it would be a pain to troubleshoot. Each server in the DMZ would need multiple NICs and static routes.


Can you do it this way? 3 Interfaces (OUTSIDE, DMZ, INSIDE). OUTSIDE to DMZ would traverse the FW and traffic from DMZ to INSIDE would also traverse a FW, but it would be the same FW as OUTSIDE to DMZ. Is that OK? If not you'll need a second set of FWs.


HTH

jorg.ramakers Mon, 04/07/2008 - 22:59

Hi,


Is it possible to create subinterfaces (different VLANs), as the DMZ is in the perimeter network, and it is between the Flod and Slod?


Best regards


Jorg

Collin Clark Tue, 04/08/2008 - 05:55

Yes you can create sub-interfaces. Not sure what you mean by Flod and Slod.

Collin Clark Tue, 04/08/2008 - 06:39

I originally thought of sub-interfaces and it will work, but I would suggest against it. It will be hard to document/troubleshoot. What are the requirements? Traffic must flow across different interfaces?

jorg.ramakers Tue, 04/08/2008 - 06:46

Hi,


I need to configure 2 different DMZ zones, and the two DMZs should not communicate with each other. I only have 4 interfaces: 2 for redundant ISP and 2 for redundant connection to the DMZ switches.


Best regards


Jorg

jorg.ramakers Tue, 04/08/2008 - 23:29

Yes, it can work. I was hoping someone else would have another idea, as you are suggesting against subinterfaces.


But will rate your post.


Regards


Jorg
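The sub-interface option discussed in this thread, as an added ASA configuration example that is not part of the original posts: two DMZs carried as 802.1Q VLANs on one physical port and kept apart by giving them the same security level. The VLAN IDs, interface names (dmz1, dmz2), the choice of Ethernet0/2 and all addresses are constructed placeholders, and the attached switch port is assumed to be a trunk carrying both VLANs.

```cisco
! Constructed example: VLAN IDs, nameif values and addresses are placeholders.
! The physical port carries only tagged traffic, so it gets no name or address.
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
! First DMZ as a tagged sub-interface.
interface Ethernet0/2.10
 vlan 10
 nameif dmz1
 security-level 50
 ip address 192.168.10.1 255.255.255.0
!
! Second DMZ on the same physical port, same security level as dmz1.
interface Ethernet0/2.20
 vlan 20
 nameif dmz2
 security-level 50
 ip address 192.168.20.1 255.255.255.0
!
! Interfaces at the same security level cannot exchange traffic unless
! "same-security-traffic permit inter-interface" is configured.
! Leave it disabled so dmz1 and dmz2 stay isolated from each other.
no same-security-traffic permit inter-interface
!
! Check from the CLI that DMZ-to-DMZ traffic is dropped:
!   packet-tracer input dmz1 tcp 192.168.10.10 1024 192.168.20.10 80
```

If the two DMZs are instead given different security levels, isolation depends on the access lists applied to each interface, which is harder to audit than the same-level default.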
