
Secure DMZ design - back to core switch??

See attachment.

This DMZ was created before I started here. It goes back into the core switch. Any idea why they would do that? Is it secure?

I want to create another DMZ. I have purchased two layer 2 switches (going to team the NICs, one NIC on each DMZ switch). What is the best way to interface the new DMZ switches to the ASA DMZ? I would need to use two interfaces on the ASA, then what gateway would I use? Or should I send it back into the core switch like the other DMZ, in order to use only one ASA interface?

1 ACCEPTED SOLUTION


Re: Secure DMZ design - back to core switch??

What I would do is the following:

On the uplink port for your new DMZ switches, put them on an access port on the core switch in VLAN 20 (your DMZ).

Plug your server NICs into the DMZ switches on whatever interface you want and they will automatically route through the core switch VLAN.

Use the ASA DMZ interface as your default gateway for the server. It will bounce through the core switch DMZ interface and hit the ASA.
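Added example, not part of the thread: when the DMZ VLAN is carried across the core switch as described above, the ASA stays the only path out of the DMZ only while VLAN 20 is layer 2 only on that switch, so this sketch audits a core switch config for the two settings that would undermine that. It assumes IOS-style configuration syntax; the interface names, the 192.0.2.2 address and the function names `parse_interfaces` and `audit_dmz_vlan` are constructed for illustration.

```python
# Constructed sample of an IOS-style core switch config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/10
 description uplink to new DMZ switch A
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/11
 description uplink to new DMZ switch B
 switchport access vlan 20
!
interface Vlan20
 ip address 192.0.2.2 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_dmz_vlan(config, vlan):
    """Flag settings that could let DMZ traffic avoid the firewall."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower() == f"vlan{vlan}":
            # An SVI with an IP address gives the switch a routed leg in the DMZ.
            if any(c.startswith("ip address") for c in cmds) and "shutdown" not in cmds:
                findings.append((name, "routed SVI in DMZ VLAN"))
        elif f"switchport access vlan {vlan}" in cmds:
            # Without a fixed access mode the port may negotiate a trunk (DTP).
            if "switchport mode access" not in cmds:
                findings.append((name, "DMZ port not forced to access mode"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_dmz_vlan(SAMPLE_CONFIG, 20):
        print(f"{name}: {issue}")
```
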
