I have an ASA 5510 running 7.24 that has logical interfaces configured.
We will be allowing some outside vendors to use our Internet link; they will be bringing their own laptops.
I was thinking of adding a DMZ and just connecting their laptops to the DMZ switch in the new DMZ, and then out the firewall to the Internet.
The only objective is to allow Internet access to these people, with no connection to our network.
I have a couple of questions:
1. Can I add the logical DMZ without interruption of existing logical DMZs?
2. Would it look something like this:
global (outside) 1 interface
nat (DMZ1) 1 0.0.0.0 0.0.0.0
access-list dmz1 extended permit tcp any any eq www
access-list dmz1 extended permit tcp any any eq https
access-list dmz1 extended permit tcp any any eq ftp
access-list dmz1 extended permit udp any any eq domain
access-group dmz1 in interface DMZ1
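
An added example, not part of the original post: the destination `any` in the posted ACL also matches internal addresses, so this variant denies private ranges first and then permits the same four services. The subinterface, VLAN ID, security level, guest subnet and the RFC 1918 ranges standing in for "our network" are assumptions; guests would then need a DNS server outside those ranges.

```cisco
! Assumed values: Ethernet0/2.30, VLAN 30, guest subnet 172.31.30.0/24
interface Ethernet0/2.30
 vlan 30
 nameif DMZ1
 security-level 10
 ip address 172.31.30.1 255.255.255.0
!
! PAT guest traffic to the outside interface address (as in the post)
global (outside) 1 interface
nat (DMZ1) 1 0.0.0.0 0.0.0.0
!
! First match wins: block internal destinations before the permits
access-list dmz1 extended deny ip any 10.0.0.0 255.0.0.0
access-list dmz1 extended deny ip any 172.16.0.0 255.240.0.0
access-list dmz1 extended deny ip any 192.168.0.0 255.255.0.0
access-list dmz1 extended permit tcp any any eq www
access-list dmz1 extended permit tcp any any eq https
access-list dmz1 extended permit tcp any any eq ftp
access-list dmz1 extended permit udp any any eq domain
! The list ends in an implicit deny; stating it with "log" records blocked attempts
access-list dmz1 extended deny ip any any log
access-group dmz1 in interface DMZ1
```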