Secure DMZ design - back to core switch??

Answered Question
Jun 20th, 2008

See attachment---

This DMZ was created before I started here... it goes back into the core switch... Any idea why they would do that? Is it secure?

I want to create another DMZ. I have purchased two layer 2 switches (going to team the NICs, one NIC on each DMZ switch). What is the best way to interface the new DMZ switches to the ASA DMZ? I would need to use two interfaces on the ASA, then what gateway would I use? Or should I send it back into the core switch like the other DMZ, in order to use only one ASA interface?

Correct Answer by jjohnston1127 about 8 years 5 months ago

What I would do is the following:

On the uplink port for your new DMZ switches, put them on an access port on the core switch in VLAN 20 (Your DMZ).

Plug your server NICs into the DMZ switches on whatever interface you want and they will automatically route through the core switch VLAN.

Use the ASA DMZ interface as your default gateway for the server. It will bounce through the core switch DMZ interface and hit the ASA.
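One way to lay out the design jjohnston1127 describes, as an added configuration example (not from the original thread); the port names, the 10.20.0.0/24 subnet and the addresses are assumptions:

```cisco
! --- Core switch (IOS): one access port in VLAN 20 per DMZ switch uplink ---
vlan 20
 name DMZ
!
interface GigabitEthernet1/0/10
 description Uplink to new DMZ switch A (assumed port)
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/11
 description Uplink to new DMZ switch B (assumed port)
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/1
 description Link to ASA dmz interface (assumed port)
 switchport mode access
 switchport access vlan 20
!
! Deliberately no "interface Vlan20" with an IP address on the core:
! VLAN 20 stays layer 2 only, so the ASA is the only router out of the DMZ
! and DMZ hosts cannot reach inside VLANs without crossing the firewall.

! --- ASA: the single dmz interface is the servers' default gateway ---
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.20.0.1 255.255.255.0
!
! Servers: teamed NIC in VLAN 20, e.g. 10.20.0.10/24 (assumed),
! default gateway 10.20.0.1 (the ASA dmz interface).
```

Checking `show vlan brief` on the core should list only the three access ports above in VLAN 20 and `show ip interface brief` should show no Vlan20 SVI.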
