Secure DMZ design - back to core switch??

trippi
Level 1

See attachment.

This DMZ was created before I started here. It goes back into the core switch. Any idea why they would do that? Is it secure?

I want to create another DMZ. I have purchased two layer 2 switches (going to team the NICs, one NIC on each DMZ switch). What is the best way to interface the new DMZ switches to the ASA DMZ? I would need to use two interfaces on the ASA, then what gateway would I use? Or should I send it back into the core switch like the other DMZ, in order to use only one ASA interface?

Accepted Solutions

jj27
Spotlight

What I would do is the following:

On the uplink port for your new DMZ switches, put them on an access port on the core switch in VLAN 20 (your DMZ).

Plug your server NICs into the DMZ switches on whatever interface you want and they will automatically route through the core switch VLAN.

Use the ASA DMZ interface as your default gateway for the server. It will bounce through the core switch DMZ interface and hit the ASA.
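A check for the design in the answer above, added here as an example and not part of the original post: it audits a core-switch configuration to list the access ports in VLAN 20 and to flag a routed interface on that VLAN, since the answer makes the ASA DMZ interface the servers' default gateway. The sample configuration, interface names, addresses and function names are constructed for illustration, and the script assumes IOS-style syntax.

```python
import re

DMZ_VLAN = 20  # VLAN number taken from the answer above

# Constructed sample of a core-switch running config (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/10
 description uplink to new DMZ switch
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/11
 description link to ASA dmz interface
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/12
 switchport mode access
 switchport access vlan 10
!
interface Vlan20
 ip address 192.0.2.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_dmz_vlan(config, vlan=DMZ_VLAN):
    """List access ports in the DMZ VLAN and flag an active SVI with an IP address."""
    interfaces = parse_interfaces(config)
    access_ports = sorted(name for name, cmds in interfaces.items()
                          if f"switchport access vlan {vlan}" in cmds)
    svi = interfaces.get(f"Vlan{vlan}", [])
    # An addressed, non-shutdown SVI gives the switch its own layer 3 leg in the
    # DMZ, so the ASA is no longer guaranteed to be the only routed hop.
    svi_has_ip = any(c.startswith("ip address ") for c in svi) and "shutdown" not in svi
    return {"access_ports": access_ports, "svi_has_ip": svi_has_ip}
```

With the constructed sample, `audit_dmz_vlan(SAMPLE_CONFIG)` reports both VLAN 20 access ports and sets `svi_has_ip`, which is the finding to review on a switch that is meant to carry the DMZ at layer 2 only.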
