08-01-2008 12:54 PM - edited 03-11-2019 06:24 AM
We have an existing ASA on which we want to configure a DMZ. A secure FTP server with a public IP will be connected to the DMZ.
Is the configuration as simple as:
1. Configure the new interface with a security level,
2. Enable a routing statement,
3. Enable an access list to allow traffic to the FTP server.
Employees on the LAN and others would access the FTP through the Internet. NAT is presently done by the outside int. of the ASA.
Would configuring the DMZ affect production/network connectivity?
Thanks.
Said
08-01-2008 02:01 PM
Said,
I do not see a reason for network interruption from configuring a new interface for your DMZ network; however, it is good practice to make major FW changes during non-production hours.
You may want to reference these two links, which resemble your scenario and requirements.
FTP - ASA firewalls
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807ee585.shtml
DMZ config scenario
http://www.cisco.com/en/US/docs/security/asa/asa72/getting_started/asa5505/quick/guide/dmz.html
HTH
Jorge
08-01-2008 05:44 PM
Jorge,
Thank you.
Said
08-02-2008 06:29 AM
Said, you are welcome.
I also want to provide additional information regarding the creation of another interface. I should have added in my previous post that, in the scenario where you have a physical interface and want to split it using 802.1q into several logical interfaces, say one logical interface to be your new DMZ network, and that interface is, for example, your inside interface or any other interface in production, you may have network disruption during the creation of trunking and other required initial configuration.
Now, if you have a free physical interface not bound to any configuration other than being dedicated to the DMZ network, there should not be network disruption in relation to other active interfaces.
HTH
Jorge
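
The three steps from the question, sketched for the free-physical-interface case described above, as an added example that is not part of the thread or of the linked Cisco documents. It assumes pre-8.3 ASA syntax, a spare port Ethernet0/2, a routed public DMZ block 198.51.100.8/29, "secure FTP" meaning SFTP on tcp/22, and an existing `nat (inside) 1` rule; every name and address is a constructed placeholder.

```cisco
! Constructed example: names, addresses and NAT ID are placeholders.
!
! 1. Dedicated DMZ interface. Security level 50 sits between
!    outside (0) and inside (100), so inside may initiate to dmz,
!    while dmz may not initiate to inside without an explicit permit.
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 198.51.100.9 255.255.255.248
 no shutdown
!
! 2. Routing. The DMZ subnet is directly connected, so the ASA needs
!    no route of its own. The upstream router must route
!    198.51.100.8/29 to the ASA outside address (assumption: the block
!    is routed to you separately from the outside subnet).
!
!    The server keeps its public address, so publish it with an
!    identity static: static (real_if,mapped_if) mapped_ip real_ip
static (dmz,outside) 198.51.100.10 198.51.100.10 netmask 255.255.255.255
!
! 3. Inbound access. Permit only the one service, to the one host.
!    If an ACL is already bound inbound on outside, add this line to
!    THAT ACL. Only one ACL applies per interface and direction, and
!    binding a new one with access-group replaces the existing one,
!    which would change what production traffic is allowed.
access-list outside_in extended permit tcp any host 198.51.100.10 eq 22
access-group outside_in in interface outside
!
! LAN users. Inside hosts already match "nat (inside) 1 ...", so they
! need a translation toward dmz as well. PAT them to the dmz
! interface address (NAT ID 1 is assumed to match the existing rule).
global (dmz) 1 interface
!
! Checks after the change:
!   show interface ip brief
!   show access-list outside_in
!   show xlate
```

None of these lines touches the existing inside or outside interface definitions; the access-group binding is the one statement that can alter current production behaviour.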