Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Securing a multihomed server


I want to protect my multihomed Server using ASA 5510.

The server is acting like a buffer betwen two networks;buffering data from one network and pushing it to the other.The traffic from both server interfaces should route through a respective firewall interface.

Is there a way for accomplishing this without having to get a security plus license for firewall to use multiple contexts?Since 4 ionterfaces will be utilized in the firewall.

Interface 1 of firewall will be used for the network 1.

Interface 2 of the firewall will be used for feeding interfcae 1 of the buffer server

interface 3 of firewall will be used for network 2

interface 4 of firewall will eb used for feeding interface 2 of the buffer server.

Is this configuration practical?

Thank You

Cisco Employee

Re: Securing a multihomed server


     I'm not sure how you would be able to do this without having multiple contexts, from what you described, if traffic coming in interface 1 is destined to network 2, you need to route it to the Server, but if traffic comes in Interface 3 destined to network 2, route it out interface 4. That sounds a bit like having multiple routing tables. What kind of server is this exactly? Do you have a topology diagram? Most of the time when we have customer's with dual homed servers, the server simply has an interface on the inside and dmz networks. Inter hosts access the server on its inside interface, while outside users hit the DMZ interface. That doesn't match up well with your decription, so a diagram and a little more info about the server would help.

- Magnus

New Member

Re: Securing a multihomed server


Please review the attached file.

The buffer server will pull data from servers1,2,3  through eth0 via firewall.

The front end server which will be serving a web application will pull the buffered information from the buffer server from the interface eth1 via  firewall.

The buffer server is required  since front end server and server1,2,3 are in different geographical locations with a  private wireless link in between.

The foremost objective is to protect servers1,2,3 and then the buffered server.

Link between buffered server and servers1,2,3 also needs to be secured.

Is the mentioned layout practical only with using multiple contexts?

How else can it be deployed?

Thank You