5505 and DMZ

Unanswered Question
Mar 26th, 2009

I have a 5505 base model and I am trying to create a DMZ. In 5505, I can only create a limited DMZ with (no forward interface vlan) command. My objectives:

1. My webserver is in DMZ.

DMZ needs to initiate traffic to outside to get Windows updates.

DMZ -> Outside

2. Outside -> DMZ; Outside users need to access my Webservers.

3. DMZ -> Inside. My Webserver initiates traffic to inside database server using DB port.

4. NO Inside -> DMZ is needed.

I am not sure whether these objectives can be met using my base license 5505.

If not, which license do I need to upgrade to?

My inside VLAN is 1. Outside is Vlan 2 and DMZ is Vlan 3. So I use the following command.

! Vlan 3 is DMZ
interface Vlan3
 description Vlan DMZ
 ! Vlan 1 is Inside Vlan
 no forward interface Vlan1
 nameif DMZ
 security-level 50

mvsheik123 Thu, 03/26/2009 - 13:32

"no forward interface Vlan1"

The command itself does not let you achieve..

DMZ -> Inside. My Webserver initiates traffic to inside database server using DB port.

You need to upgrade the license to Security Plus.

hth

MS
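
An added example (not part of the original thread) that models the point of the answer above: on the ASA, `no forward interface VlanN` stops the VLAN it is configured on from initiating traffic to VlanN, so it can be checked against the intended flows. The inside and outside stanzas in the sample are assumed, and the ACLs and NAT that the remaining flows would also need are not modelled.

```python
import re

# Constructed sample: the DMZ stanza from the question plus assumed
# inside/outside stanzas (the post only gives their VLAN numbers).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Vlan3
 description Vlan DMZ
 no forward interface Vlan1
 nameif DMZ
 security-level 50
"""

def parse_vlans(config):
    """Return {vlan_id: {"nameif": str, "no_forward": set of vlan ids}}."""
    vlans, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface Vlan(\d+)", line, re.I):
            cur = vlans.setdefault(int(m[1]), {"nameif": f"Vlan{m[1]}", "no_forward": set()})
        elif raw[:1] not in (" ", "\t"):
            cur = None  # any other top-level line ends the interface stanza
        elif cur is not None:
            if m := re.fullmatch(r"nameif (\S+)", line):
                cur["nameif"] = m[1]
            elif m := re.fullmatch(r"no forward interface Vlan(\d+)", line, re.I):
                cur["no_forward"].add(int(m[1]))
    return vlans

def blocked_flows(vlans):
    """(initiator, target) nameif pairs ruled out by 'no forward interface'."""
    return {(v["nameif"], vlans[d]["nameif"] if d in vlans else f"Vlan{d}")
            for v in vlans.values() for d in v["no_forward"]}

def check(objectives, vlans):
    blocked = blocked_flows(vlans)
    return {flow: flow not in blocked for flow in objectives}

# Objectives 1-3 from the question as (initiator, target) pairs.
OBJECTIVES = [("DMZ", "outside"), ("outside", "DMZ"), ("DMZ", "inside")]

if __name__ == "__main__":
    for (src, dst), ok in check(OBJECTIVES, parse_vlans(SAMPLE_CONFIG)).items():
        print(f"{src} -> {dst}: {'not ruled out' if ok else 'blocked by no forward interface'}")
```
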
