Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
498
Views
0
Helpful
5
Replies

ASA 5500

The_guroo_2
Level 2
Level 2

‎06-17-2010 04:48 AM - edited ‎03-11-2019 11:00 AM

guys if we have 7 servers and we want to create 5 DMZ.......on ASA is it possible.....I have gone through ASA data sheet but it doesnt tell how many  DMZ

it can have......what is vlans does num,ber of vlans represent number of DMZ the firewall can have......

we have 7 servers attached to a cisco 3750 swicth and we have to secure it do we have to connect each server with the firewall or we can have trunk and put each server on different vlan i am confused regardinhg the concept how to do that

Labels:
0 Helpful
5 Replies 5

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎06-17-2010 06:52 AM

Hi,

Depending on the exact model, then you know how many DMZ interfaces you can have.

i.e

The 5505 can have up to three physical working interfaces (you can have up to 20 VLANs).

Bigger models can have more interfaces.

You can compare the models here:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Federico.

0 Helpful

The_guroo_2
Level 2
Level 2
In response to Federico Coto Fajardo

‎06-17-2010 07:56 AM

Thanks for your kind reply i am trying to get my head around for number of DMZ doesnt number of DMZ depends on number of vlans firewall can have for example as you have said that 5505 can have up to 3 vlan and 20 in trunking so doest this mean that it can have 3 different DMZ and 20 different DMZ???? what is the concept for vlans and DMZ thanks again

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to The_guroo_2

‎06-17-2010 08:00 AM

DMZs can refer to physical interfaces (in the example of the ASA 5505, you cannot have more than 3 routed interfaces).

But doing VLANs, you can separate logically and segment the network in more logical interfaces.

So, you can have up to a lot more than 3 DMZs (using VLANs), the difference is that they will belong to the same physical interface.

Federico.

0 Helpful

The_guroo_2
Level 2
Level 2
In response to Federico Coto Fajardo

‎06-17-2010 08:17 AM

Thanks for your quick reply so it means that if i attach a switch with it and plug 7 servers to that swicth and create 7 vlans in the asa and trunk the port of asa to the switch so it means that i can have 7 DMZ easily???? is that right

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to The_guroo_2

‎06-17-2010 08:37 AM

Yes, but for the 5505 you can have up to 20 VLANs if having the Security Plus license installed.

Check the link that I sent you.

Federico.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card