Cisco Support Community

5505 and DMZ

I have a 5505 base model and I am trying to create a DMZ. On the 5505, I can only create a limited DMZ with the (no forward interface vlan) command. My objectives:

1. My webserver is in DMZ. DMZ needs to initiate traffic to outside to get Windows updates (DMZ -> Outside).

2. Outside -> DMZ; Outside users need to access my Webservers.

3. DMZ -> Inside. My Webserver initiates traffic to inside database server using DB port.

4. NO Inside -> DMZ is needed.

I am not sure whether these objectives can be met using my base license 5505.

If not, which license do I need to upgrade to?

My inside VLAN is 1. Outside is Vlan 2 and DMZ is Vlan 3. So I use the following command.

! Vlan 3 is DMZ
interface Vlan3
 description Vlan DMZ
 ! Vlan 1 is Inside Vlan
 no forward interface Vlan1
 nameif DMZ
 security-level 50

1 REPLY

Re: 5505 and DMZ

"no forward interface Vlan1"

The command itself does not let you achieve:

DMZ -> Inside. My Webserver initiates traffic to inside database server using DB port.

You need to upgrade the license to Security Plus.

hth

MS
