You are able to configure interfaces/subinterfaces for network segments that you want to isolate on the firewall from all your other LAN networks. As long as the DMZ network is behind its own interface/subinterface on the ASA then you can naturally limit connectivity as you wish on the interface ACL.
All interfaces except for the Management port are the same. It's how you configure the interfaces and their rules that defines what the port's role is.
For example, if you were to configure a setup where you have
One physical interface connected to ISP
One physical interface connected to LAN
One physical interface connected to DMZ
Then you might configure the ASA so that hosts behind the LAN interface are allowed to connect anywhere. The DMZ interface might be configured to block almost all traffic towards the LAN networks. On the ISP/WAN interface you would probably allow certain services to servers on the DMZ while blocking all other traffic.
But as I said, the ASA doesn't have any specific port that you would use as the DMZ port. You can use any port (not the Management) and create configurations and rules for it so it's that which is required of a DMZ.
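
The three-interface layout described above, written out as ASA configuration. This is an added illustration, not part of the original post: interface numbers, names, addresses, object names and ACL names are constructed, ASA 8.3+ syntax is assumed, and NAT is left out.

```cisco
! Constructed example: all names and addresses below are assumptions.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.10.1 255.255.255.0
!
! Any non-management port can take the DMZ role; the ACLs below define it.
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.0.20.1 255.255.255.0
!
object network LAN-NET
 subnet 10.0.10.0 255.255.255.0
object network DMZ-WEB
 host 10.0.20.10
object network LAN-SYSLOG
 host 10.0.10.50
!
! LAN interface: hosts may connect anywhere.
access-list INSIDE-IN extended permit ip object LAN-NET any
access-group INSIDE-IN in interface inside
!
! DMZ interface: one named exception towards the LAN, everything else
! towards the LAN is dropped and logged, other destinations are permitted.
access-list DMZ-IN extended permit udp object DMZ-WEB object LAN-SYSLOG eq syslog
access-list DMZ-IN extended deny ip any object LAN-NET log
access-list DMZ-IN extended permit ip any any
access-group DMZ-IN in interface dmz
!
! ISP/WAN interface: only the published service on the DMZ server.
! With 8.3+ the ACL references the server's real (untranslated) address.
access-list OUTSIDE-IN extended permit tcp any object DMZ-WEB eq https
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
```

Once an ACL is bound to an interface with `access-group`, it, rather than the security level, decides what traffic entering that interface is allowed, so the order of the `DMZ-IN` entries matters: the exception must come before the deny towards the LAN.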