Securing a multihomed server

Unanswered Question
Sep 27th, 2010
User Badges:


I want to protect my multihomed Server using ASA 5510.

The server is acting like a buffer betwen two networks;buffering data from one network and pushing it to the other.The traffic from both server interfaces should route through a respective firewall interface.

Is there a way for accomplishing this without having to get a security plus license for firewall to use multiple contexts?Since 4 ionterfaces will be utilized in the firewall.

Interface 1 of firewall will be used for the network 1.

Interface 2 of the firewall will be used for feeding interfcae 1 of the buffer server

interface 3 of firewall will be used for network 2

interface 4 of firewall will eb used for feeding interface 2 of the buffer server.

Is this configuration practical?

Thank You

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Magnus Mortensen Mon, 09/27/2010 - 05:20
User Badges:
  • Cisco Employee,


     I'm not sure how you would be able to do this without having multiple contexts, from what you described, if traffic coming in interface 1 is destined to network 2, you need to route it to the Server, but if traffic comes in Interface 3 destined to network 2, route it out interface 4. That sounds a bit like having multiple routing tables. What kind of server is this exactly? Do you have a topology diagram? Most of the time when we have customer's with dual homed servers, the server simply has an interface on the inside and dmz networks. Inter hosts access the server on its inside interface, while outside users hit the DMZ interface. That doesn't match up well with your decription, so a diagram and a little more info about the server would help.

- Magnus

hassanjavaid Tue, 09/28/2010 - 23:43
User Badges:


Please review the attached file.

The buffer server will pull data from servers1,2,3  through eth0 via firewall.

The front end server which will be serving a web application will pull the buffered information from the buffer server from the interface eth1 via  firewall.

The buffer server is required  since front end server and server1,2,3 are in different geographical locations with a  private wireless link in between.

The foremost objective is to protect servers1,2,3 and then the buffered server.

Link between buffered server and servers1,2,3 also needs to be secured.

Is the mentioned layout practical only with using multiple contexts?

How else can it be deployed?

Thank You



This Discussion