Hi all, I have an interesting situation and I need to know which solution is better from a security standpoint.
In effect we have 2 networks that will run side by side with each other (picture named Option1) but with no physical connection (they are both in the same physical location). It was previously thought that those 2 networks shouldn't have any direct physical contact between them, and when we need to connect to the servers from the core network we will use a site-to-site VPN to connect for uploading, administration, etc. to improve security.
But now we are thinking of something else. We are thinking of creating a DMZ on the ASA of the core network and connecting to the server network through that DMZ for the uploading/administration purposes (picture named Option2). The server network will still access the internet through its routers, users from the internet will use internet links from the server network to access the servers, and the only communication between the 2 networks will be from the core network for the upload/administration purposes. Nothing will be allowed from the server network to the core network.
Which solution will work better and is more secure in your opinion? They both seem to have equal merit. Any help is appreciated.