Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
720
Views
0
Helpful
2
Replies

Difference Between Configuring DMZ and Public Servers

Rowlands Price
Level 1
Level 1

‎01-28-2014 12:43 PM - last edited on ‎03-25-2019 05:52 PM by Community Manager

Hello Everybody

I have many services that i want to publish on Internet (web server, ftp and mail). so for this, i configured my ASA with 3 interfaces

Gi0/0: sec level 0 (outside)

GI0/1: sec level 50 (dmz)

Gi0/2: sec level 100 (inside)

Doing necessary nat and acl to allow public users on Internet to access my web servers and ftp successfully.

I read on the ASA the configuartion of Public servers

http://www.cisco.com/en/US/partner/docs/security/asa/asa83/asdm63/configuration_guide/public_servers.html

My question is that public servers replace dmz configuration with acl and nat ?

In what case use public servers instead of dmz configuation with 3 interfacess.

Can i place my web servers, ftp and mail in inside lan and used public servers configuration safety?

Need your clarification please

Regards

Labels:
0 Helpful
2 Replies 2

Julio Carvajal
VIP Alumni
VIP Alumni

‎01-28-2014 05:00 PM

Hello,

DMZ refers to an interface where you will place servers or appliances that will be accessed from the external world so there is no DMZ configuration. It's basically a security zone that you could create and then start configuring it as any other interface.

Now the Public-Server is actually a feature that allow you to configure in one step both the ACL and the NAT then making it easier for our customers.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Rowlands Price
Level 1
Level 1
In response to Julio Carvajal

‎01-29-2014 03:11 AM

Hello Julio,

Thanks for your reply,

My question is, can i publish applications that will be accessed from Internet using public servers instead of configuring DMZ on a third asa interface.

Can i place web servers, ftp servers and mail server in inside part and publish them to Internet usig public server?

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card