Cisco Support Community

Multiple DMZ ASA help

We have ASA 5520 Cisco Adaptive Security Appliance Software Version 7.2(3).

Current config for DMZ is:

interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address x.x.x.1 255.255.255.0

==================================

I am using all the physical ports and need to add another DMZ segment. I am planning to configure the following:

int gi0/2
 no nameif dmz
 no ip add x.x.x.1 255.255.255.0

int gi0/2.35
 nameif dmz
 vlan 35
 security-level 50
 ip add x.x.x.1 255.255.255.0

int gi0/2.36
 nameif dmz2
 vlan 36
 ip add y.y.y.1 255.255.255.0

====================================

I have a few questions regarding the above configuration.

1. Am I on the right path or not?

2. When I move dmz from the physical interface to the logical interface, what happens to my access-list associated with the dmz interface? Do I need to recreate it, or will moving to the logical interface take care of the config automatically?

Thank you

Viral Patel


Re: Multiple DMZ ASA help

I believe you will have to recreate the access-group command to re-apply the access-list, as the name removal will delete the associated access-group command.

Thanks

Scott


Re: Multiple DMZ ASA help

I currently have this command, which applies access-list dmz_inbound to the nameif interface dmz. I am assuming that once I make the above changes I may just have to reapply it.

access-group dmz_inbound in interface dmz

Thank you

Viral Patel
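
A pre/post-change check for the point raised in this thread, as an added example that is not part of the original posts: it compares a saved running-config from before the nameif move with one from after and reports commands that referred to the interface name and are now gone. The function names and both sample configs are constructed for illustration, and it assumes the configs were saved as plain text.

```python
import re

def nameif_references(config_text, nameif):
    """Return config lines that mention `nameif` as a whole token."""
    # Whole-token match so "dmz" does not match "dmz2" or "dmz_inbound".
    # Heuristic: an ACL named exactly like the nameif would also be reported,
    # which over-reports rather than misses.
    token = re.compile(r"(?<![\w-])" + re.escape(nameif) + r"(?![\w-])")
    refs = []
    for raw in config_text.splitlines():
        line = raw.strip()
        # Skip the definition itself; only commands that depend on the name matter.
        if not line or line.startswith("nameif "):
            continue
        if token.search(line):
            refs.append(line)
    return refs

def missing_after_change(before, after, nameif):
    """References to `nameif` present before the change but absent afterwards."""
    after_refs = set(nameif_references(after, nameif))
    return [l for l in nameif_references(before, nameif) if l not in after_refs]

# Constructed sample: config saved before the move (documentation addresses).
BEFORE = """\
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
access-list dmz_inbound extended permit tcp any host 192.0.2.10 eq www
access-group dmz_inbound in interface dmz
mtu dmz 1500
"""

# Constructed sample: config saved after the move, access-group not yet re-applied.
AFTER = """\
interface GigabitEthernet0/2
 no nameif
interface GigabitEthernet0/2.35
 vlan 35
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
access-list dmz_inbound extended permit tcp any host 192.0.2.10 eq www
mtu dmz 1500
"""

if __name__ == "__main__":
    for line in missing_after_change(BEFORE, AFTER, "dmz"):
        print("re-apply:", line)
```

An interface left without its access-group no longer has that ACL filtering its inbound traffic, so an empty result from this check is worth confirming before the change window closes.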
