DMZ with Single ASA 5510 Security Plus Firewall Edition

entaadmin · ‎03-01-2010

I'm working on a quick quote for a partner of ours. I'm wondering if the Cisco ASA 5510 Security Plus Firewall Edition, is capable of doing a DMZ type configuration with just a single device, rather than an old school Internet -> Physical Firewall -> DMZ -> Physical Firewall -> Intranet.

My guess is it would be something simlar to VLAN 1 (DMZ) and VLAN 2 (Intranet). With a NAT to VLAN1, but all traffic from outside must pass through the device, and any traffic passing from VLAN 1 to VLAN 1 must have Access Control rules.

Sorry if the question is routine, I just want to be 100% before I tell them to buy. Here is a link to the product https://www.insight.com/search/ppp.web?fromSearch=true&materialId=ASA5510-SEC-BUN-K9

Thanks!

Cody

Kureli Sankar · ‎03-01-2010

With ASA5505 you will have vlans but, with ASA5510 you have enough physical interfaces to configure inside, outside and dmz.

Here is a link for ASA5510 sample config: http://www.howtocisco.com/cisco/samples/5510config1.htm

-KS

Panos Kampanakis · ‎03-01-2010

You can have vlan2 being the dmz, vlan1 the inside and when passing from out to dmz, or out to in have the firewall be in the middle.

Not sure if that is waht you were asking, but that is doable.

I hope it helps.

PK