DMZ firewall question

Oct 21st, 2009

Scenario: The ASA is in building "A" (which also has the internet connection) and I want to set up a DMZ for WEB/FTP, etc. However, the physical servers are located in another building, building "B", the Data Center, which is a block away. I know this is a crazy question, but is it possible to set up a DMZ, whether virtual or with VLANs, without physically moving the equipment or the ASA? Has anyone ever faced this before?

Jon Marshall Wed, 10/21/2009 - 10:34


You can do this, but you would need L2 adjacency between building A and building B.


bapatsubodh Wed, 10/21/2009 - 13:12


You need L2 connectivity in any case. One temporary solution could be setting up a leased circuit between building A and building B. Terminate it on routers on both sides, and the building A router can be connected to a local DMZ switch. Probably you can even configure a site-to-site IPsec between building A and building B. This seems a really time-consuming solution, but it will definitely work.

The second option is setting up a wireless point-to-point link from building A to building B, which will be terminated on the corresponding switches in each building. You can encrypt the traffic which is in the air.

Check out Cisco wireless devices for point-to-point connectivity.


Please rate if possible



