04-07-2008 12:13 AM - edited 03-11-2019 05:28 AM
Hi,
I'm responsible for a perimeter design with one of my customers.
The situation I designed is included in the attachment.
The question I have is this. I have 4 interfaces on an ASA 5510 (first line of defense) and we need 2 DMZ zones. I can use 1 interface for the provider connection and 1 interface for the perimeter network. Can I use 1 interface for a redundant perimeter connection and 1 for a redundant provider connection? Or are the 2 interfaces left necessary for the DMZ connections?
04-07-2008 09:13 AM
It is possible, but a little messy and it would be a pain to troubleshoot. Each server in the DMZ would need multiple NICs and static routes.
Can you do it this way? 3 Interfaces (OUTSIDE, DMZ, INSIDE). OUTSIDE to DMZ would traverse the FW and traffic from DMZ to INSIDE would also traverse a FW, but it would be the same FW as OUTSIDE to DMZ. Is that OK? If not you'll need a second set of FWs.
HTH
04-07-2008 10:59 PM
Hi,
Is it possible to create subinterfaces (different VLANs),
as the DMZ is in the perimeter network, between the FLOD and the SLOD?
Best regards
Jorg
04-08-2008 05:55 AM
Yes you can create sub-interfaces. Not sure what you mean by Flod and Slod.
04-08-2008 06:33 AM
Hi sorry,
flod = first line of defense
slod = second line of defense
04-08-2008 06:39 AM
I originally thought of sub-interfaces and it will work, but I would suggest against it. It will be hard to document/troubleshoot. What are the requirements? Must traffic flow across different interfaces?
04-08-2008 06:46 AM
Hi,
I need to configure 2 different DMZ zones, and the two DMZs should not communicate with each other. I only have 4 interfaces: 2 for the redundant ISP and 2 for the redundant connection to the DMZ switches.
Best regards
Jorg
04-08-2008 07:03 AM
So would my suggestion in my second post work?
04-08-2008 11:29 PM
Yes, it can work. I was hoping someone else would have another idea, as you are suggesting against subinterfaces.
But I will rate your post.
Regards
Jorg
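For readers following the thread, here is what the sub-interface approach discussed above looks like in ASA configuration, arranged around the four ports the original poster describes (two for the provider side, two towards the DMZ switches) and the requirement that the two DMZs must not talk to each other. This is an added example, not configuration from any poster or from Cisco; the interface numbers, VLAN IDs and addresses are assumptions and must be adapted to the real design.

```text
! Added example (not from the thread). Ethernet0/0-0/3 are the four data
! ports of an ASA 5510; VLAN IDs and IP addresses are placeholders.

! Members of a redundant pair must carry no configuration of their own.
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
interface Ethernet0/3
 no nameif
 no security-level
 no ip address
!
! Provider side: one logical outside interface, Ethernet0/0 active and
! Ethernet0/1 taking over on link failure.
interface Redundant1
 member-interface Ethernet0/0
 member-interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
!
! DMZ side: one logical trunk towards the two DMZ switches. The parent
! carries no name or address; the zones live on its sub-interfaces.
interface Redundant2
 member-interface Ethernet0/2
 member-interface Ethernet0/3
 no nameif
 no security-level
 no ip address
!
! First DMZ zone on VLAN 10.
interface Redundant2.10
 vlan 10
 nameif dmz1
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
! Second DMZ zone on VLAN 20, at the SAME security level as dmz1.
interface Redundant2.20
 vlan 20
 nameif dmz2
 security-level 50
 ip address 198.51.100.1 255.255.255.0
!
! Traffic between interfaces of equal security level is dropped unless
! explicitly permitted. Leaving this at its default keeps dmz1 and dmz2
! isolated from each other without any access-list.
no same-security-traffic permit inter-interface
```

Two points worth checking after applying something like this: `show interface Redundant2` reports which member is currently active, and the DMZ switch ports facing Ethernet0/2 and Ethernet0/3 must both be trunks carrying VLANs 10 and 20, otherwise a failover to the standby member silently loses one zone. A redundant interface pair only protects against a failed port or cable on the firewall side; it does not by itself provide failover between two different ISPs.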
12-10-2018 08:43 PM - edited 12-12-2018 08:50 PM
Designed as a key component of the Cisco Self-Defending Network, the Cisco ASA 5510 provides proactive threat defense that stops attacks before they spread through the network, controls network activity and application traffic, and delivers flexible VPN connectivity.