We have an ASA 5520 running Cisco Adaptive Security Appliance Software Version 7.2(3).
Current config for the DMZ is:
ip address x.x.x.1 255.255.255.0
I am using all the physical ports and need to add another DMZ segment. I am planning to configure the following:
no nameif dmz
no ip add x.x.x.1 255.255.255.0
ip add x.x.x.1 255.255.255.0
ip add y.y.y.1 255.255.255.0
I have a few questions regarding the above configuration.
1. Am I on the right path or not?
2. When I move dmz from the physical interface to a logical interface, what happens to my access-list associated with the dmz interface? Do I need to recreate it, or will moving to the logical interface take care of the config automatically?
I believe you will have to recreate the access-group command to re-apply the access-list as the name removal will delete the associated access-group command.
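
As an added example (not part of the original posts): a Python sketch that lists every global command in a saved running-config that references an interface name, so the set can be compared before and after the nameif is moved. Besides access-group, commands such as nat, static, route and mtu reference the name the same way. The sample config, interface number, ACL names and addresses are constructed placeholders.

```python
import re

# Constructed sample of an ASA 7.2 running-config; the interface number, ACL
# names and addresses are placeholders, not values from the post.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
access-list dmz_in extended permit tcp any host 192.0.2.10 eq www
access-list outside_in extended permit tcp any host 198.51.100.10 eq www
access-group dmz_in in interface dmz
access-group outside_in in interface outside
nat (dmz) 1 192.0.2.0 255.255.255.0
static (dmz,outside) 198.51.100.10 192.0.2.10 netmask 255.255.255.255
route dmz 10.20.0.0 255.255.0.0 192.0.2.254 1
mtu dmz 1500
"""

# Interface names appear as bare words or inside "(a,b)" pairs, so split on
# whitespace, parentheses and commas and compare whole tokens. A regex \b
# match would wrongly hit ACL names such as "dmz-in".
_SPLIT = re.compile(r"[\s(),]+")

def lines_referencing(config: str, ifname: str) -> list[str]:
    """Return global commands that reference interface name `ifname`."""
    hits = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!" or raw.startswith(" "):
            continue  # skip blanks, separators and interface sub-commands
        tokens = _SPLIT.split(line)
        if ifname in tokens[1:]:  # tokens[0] is the command keyword
            hits.append(line)
    return hits

def missing_after_change(before: str, after: str, ifname: str) -> list[str]:
    """Commands bound to `ifname` before the change but absent afterwards."""
    present = set(lines_referencing(after, ifname))
    return [l for l in lines_referencing(before, ifname) if l not in present]

if __name__ == "__main__":
    for cmd in lines_referencing(SAMPLE_CONFIG, "dmz"):
        print(cmd)
```

Run it against a backup of `show running-config` taken before the change and again afterwards; anything `missing_after_change` returns still needs to be re-entered against the new interface.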