Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ASA: DMZ attached host access from internal/external network

Greetings,

Our DMZ port on our ASA is configured more as an external/Internet facing interface. It is configured with a non-routable IP subnet 172.20.2.0/29)that's configured to route specific traffic to a set of VPN routers (non company owned). Using a couple of small switches, this same port is attached to an ISP - currently not used to route Internet traffic to/from the corporate network.

I need to be able to place an FTP host into this DMZ setup- with one NIC attached to the DMZ subnet and one NIC attached to the ISP subnet. This will allow me to control access for FTP 'PUTS' from the internal network as well as allow external FTP 'GETS' from the Internet.

Is this routing possible given this setup?

Thanks.

2 REPLIES
Green

Re: ASA: DMZ attached host access from internal/external network

I think I understand what you want, but a few questions...ignore if I misunderstood what you want to do.

1. Why don't you want to go from inside through the pix to the dmz?

2. Why do you want to patch around the pix?

New Member

Re: ASA: DMZ attached host access from internal/external network

Yes - a very good question.

We (errantly) set things up this way to accommodate a customer - when at the time, we didn't know better and this seemed to be a working solution. We know better now and only need to keep this setup as is for a while longer. Then we will set that interface up as a true DMZ.

In the meantime, I need to be able to install the FTP host as indicated - to better utilize the unused ISP and remove that traffic from the primary ISP connection.

Sounds strange I know, but I can't think of any other way around this setup - nor if it's even possible to do.

Thanks again for your prompt reply.

117
Views
0
Helpful
2
Replies
CreatePlease to create content