DMZ firewall queston

DialerString_2 · ‎10-21-2009

Scenario: ASA is in building "A" (also has internet connection) and I want to set up DMZ for WEB/FTP etc.., However the physical servers are located in another building, building "B" the Data Center, which is a block away. I know this is a crazy question but is it possible to setup a DMZ whether virtual or vlans w/out physically moving the equipment or ASA? Has anyone ever faced this before?

Jon Marshall · ‎10-21-2009

Eric

You can do this but you would need L2 adjacency between the building A and the building B.

Jon

bapatsubodh · ‎10-21-2009

Hi,

You need L2 connectivity in any case. One temporary solution could be setting up a lease circiut between building A and building B. Terminate it on routers on both sides. And building A router can be connected to a local DMZ switch. Probably you can even configure a Site-to-site IPSEC between building A and Building B. This seems a really time consuming soluation but it will definitely work.

Second option is setting up a wirless point to point link from building A to building B. Which will be terminated in the corresponding switches in each building. You can encrypt the traffic which is in the air.

Check out cisco wirless devices for point-to-point connectivity.

HTH.

Please rate if possible

Thanks

Subodh