DMZ with Single ASA 5510 Security Plus Firewall Edition

Unanswered Question
Mar 1st, 2010

I'm working on a quick quote for a partner of ours. I'm wondering if the Cisco ASA 5510 Security Plus Firewall Edition is capable of doing a DMZ-type configuration with just a single device, rather than an old-school Internet -> Physical Firewall -> DMZ -> Physical Firewall -> Intranet.

My guess is it would be something similar to VLAN 1 (DMZ) and VLAN 2 (Intranet), with a NAT to VLAN1, but all traffic from outside must pass through the device, and any traffic passing from VLAN 1 to VLAN 1 must have Access Control rules.

Sorry if the question is routine, I just want to be 100% before I tell them to buy.  Here is a link to the product



Panos Kampanakis Mon, 03/01/2010 - 10:25

You can have vlan2 being the dmz, vlan1 the inside and when passing from out to dmz, or out to in have the firewall be in the middle.

Not sure if that is what you were asking, but that is doable.

I hope it helps.
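
A three-interface layout of the kind described in the reply above, as an added example that is not part of the original thread or Cisco's own configuration. It assumes pre-8.3 ASA NAT syntax, routed physical interfaces Ethernet0/0 to Ethernet0/2 rather than VLAN subinterfaces, and constructed addresses, hosts and ports throughout.

```cisco
! Constructed example: all addresses, hosts and ports are placeholders.
! Security levels order the zones: outside (0) < dmz (50) < inside (100).
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
! Outbound traffic from inside and dmz is PATed to the outside interface.
nat (inside) 1 192.168.1.0 255.255.255.0
nat (dmz) 1 192.168.2.0 255.255.255.0
global (outside) 1 interface
!
! Publish a single DMZ web server (assumed host 192.168.2.10) to the Internet.
static (dmz,outside) 203.0.113.10 192.168.2.10 netmask 255.255.255.255
! Identity static so inside hosts keep their own addresses toward the dmz.
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
!
! Outside to dmz: only HTTP to the published address is allowed in.
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
!
! Dmz to inside: allow one required flow, deny the rest of the inside
! network, then permit the remaining traffic (dmz to Internet).
access-list dmz_in extended permit tcp host 192.168.2.10 host 192.168.1.20 eq 1433
access-list dmz_in extended deny ip any 192.168.1.0 255.255.255.0
access-list dmz_in extended permit ip any any
access-group dmz_in in interface dmz
```

Nothing from outside reaches the inside network here, because no static or permit rule exists for it, and a compromised DMZ host can open only the one listed connection inward.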


