Designing Cisco ASA 5510

jorg.ramakers
Level 1

Hi,

I'm responsible for a perimeter design with one of my customers.

The situation I designed is included in the attachment.

The question I have is this. I have 4 interfaces on an ASA 5510, first line of defense, and we need 2 DMZ zones. I can use 1 interface for the provider connection and 1 interface for the perimeter network. Can I use 1 interface for a redundant perimeter connection and 1 for a redundant provider connection? Or are the 2 interfaces left necessary for the DMZ connections?

9 Replies

Collin Clark
VIP Alumni

It is possible, but a little messy and it would be a pain to troubleshoot. Each server in the DMZ would need multiple NICs and static routes.

Can you do it this way? 3 Interfaces (OUTSIDE, DMZ, INSIDE). OUTSIDE to DMZ would traverse the FW and traffic from DMZ to INSIDE would also traverse a FW, but it would be the same FW as OUTSIDE to DMZ. Is that OK? If not you'll need a second set of FWs.

HTH

Hi,

Is it possible to create subinterfaces (different VLANs)?

As the DMZ is in the perimeter network, and it is between the Flod and Slod?

Best regards

Jorg

Yes you can create sub-interfaces. Not sure what you mean by Flod and Slod.

Hi sorry,

flod = first line of defense

slod = second line of defense

I originally thought of sub-interfaces and it will work, but I would suggest against it. It will be hard to document/troubleshoot. What are the requirements? Traffic must flow across different interfaces?

Hi,

I need to configure 2 different DMZ zones, and the two DMZs should not communicate with each other. I only have 4 interfaces: 2 for redundant ISP and 2 for a redundant connection to the DMZ switches.

Best regards

Jorg

So would my suggestion in my second post work?

Yes, it can work. I was hoping someone else would have another idea, as you are suggesting against subinterfaces.

But will rate your post.

Regards

Jorg
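As an added example (not from any post in this thread, and not Cisco's own documentation), here is one way the sub-interface approach agreed above could be laid out on the four data ports of an ASA 5510: the two ISP-facing ports and the two DMZ-switch-facing ports are each bundled into an ASA redundant interface, and the two DMZ zones become 802.1Q sub-interfaces on the DMZ bundle. It assumes ASA 8.x software (redundant interfaces are not available on older releases), that each pair of links lands on the same Layer-2 segment (the same ISP handoff, and a DMZ switch pair carrying the same VLANs), and that both DMZs sit at security-level 50 so the default same-security rule blocks traffic between them. The port names, VLAN IDs, addresses and ACL names are constructed placeholders.

```cisco
! Added example, not configuration from this thread. Assumes an ASA 5510
! running 8.x with data ports Ethernet0/0 - Ethernet0/3; VLAN IDs,
! addresses and ACL names are constructed placeholders.

! --- Outside: two physical ports as one active/standby link to the ISP ---
! (only valid if both links terminate on the same Layer-2 segment)
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Redundant1
 member-interface Ethernet0/0
 member-interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252

! --- DMZ side: two physical ports as one redundant 802.1Q trunk ---
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 no nameif
 no security-level
 no ip address
!
interface Redundant2
 member-interface Ethernet0/2
 member-interface Ethernet0/3
 no nameif
 no security-level
 no ip address

! --- One sub-interface (one VLAN) per DMZ zone on the redundant trunk ---
interface Redundant2.10
 vlan 10
 nameif dmz1
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
interface Redundant2.20
 vlan 20
 nameif dmz2
 security-level 50
 ip address 198.51.100.1 255.255.255.0

! Both DMZs share security-level 50. Leaving same-security inter-interface
! traffic disabled (the default) makes the ASA drop dmz1 <-> dmz2 traffic
! regardless of any ACL, which is the isolation Jorg asked for.
no same-security-traffic permit inter-interface

! Explicit ACLs make the isolation visible in the config and in the logs,
! so a later "same-security-traffic permit" cannot silently undo it.
! The trailing permit should be narrowed to what each DMZ actually needs.
access-list DMZ1_IN extended deny ip 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 log
access-list DMZ1_IN extended permit ip 192.0.2.0 255.255.255.0 any
access-group DMZ1_IN in interface dmz1
!
access-list DMZ2_IN extended deny ip 198.51.100.0 255.255.255.0 192.0.2.0 255.255.255.0 log
access-list DMZ2_IN extended permit ip 198.51.100.0 255.255.255.0 any
access-group DMZ2_IN in interface dmz2
```

The two isolation mechanisms are deliberately stacked: the equal security levels plus the default `no same-security-traffic permit inter-interface` block the DMZ-to-DMZ path without any ACL, and the explicit `deny ... log` entries document the intent and produce a log line if anything ever tries to cross. A quick check after applying it is `show interface ip brief` to confirm the redundant bundles and both sub-interfaces are up, and `show running-config same-security-traffic` to confirm inter-interface traffic is still off.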

nikki_carol
Level 1

Designed as a key component of the Cisco Self-Defending Network, the Cisco ASA 5510 provides proactive threat defense that stops attacks before they spread through the network, controls network activity and application traffic, and delivers flexible VPN connectivity.
