I'm responsable for an permiter design with one of my customers.
The situation i designed it is included in the attachement.
The question i have is. I have 4 interfaces on an asa 5510, First line of defense and we need 2 dmz zones. I can use 1 interface for provider connection. 1 interface with the perimeter netwerk. Can i use 1 interface for a redundant perimeter connection and 1 for a redundant provider connection. Or are the 2 interfaces left necessary for the dmz connections?
It is possible, but a little messy and it would be a pain to troubleshoot. Each server in the DMZ would need multiple NIC's and static routes.
Can you do it this way? 3 Interfaces (OUTSIDE, DMZ, INSIDE). OUTSIDE to DMZ would traverse the FW and traffic from DMZ to INSIDE would also traverse a FW, but it would be the same FW as OUTSIDE to DMZ. Is that OK? If not you'll need a second set of FWs.
I originally thought of sub-interfaces and it will work, but I would suggest against it. It will b hard to document/troubleshoot. What are the requirements? Traffic must flow across different interfaces?
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...