how configure the web appliance in DMZ environment ?
Management access cannot be delegated to P1 or P2. The use of the M1 interface is mandatory. You may however allow the M1 interface to be used for data also. The option to do so is under Network > Interfaces. There is an option to restrict M1 for management services only. Unselect that.
i will not use WCCP i will deploy it in explict Forward Mode
I try to USE M1 ;P1 and P2
M1 configured AS .restrict mangment service only and take IP 192.168.60.72/24
P1 Configured in internal netwrok and take IP 192.168.0.72/24
P2 in External network(DMZ) and take IP 192.168.200.6/24
all the Interface Conected to Core Switch and I am sure that the Configuration in DMZ and Router and ASA Correct becasue i am using this ip in other web-proxy server in production network and working normal
I Reach to Managment Interface without any problem
and i can ping the P1
The problem that i face now that i can not reach the P2 or ping the getway of P2 from this interface using ssh
another notes i try to conect my laptob back to back with applaince in interface P2 and configure my laptob in same subnet i could not reach to P2 interface as ping
Re: how configure the web appliance in DMZ environment ?
Dear Vance Kwan Regrading to realistic setup you prefer to Use two interface M1 and P1
then Configure M1 to listen to client Request and to be mangment Service only by unselct restrict M1 for management services only. and Put this Interface in Internal Network "AS inbound Trafiic"
and Configure P1 In DMZ and to Fetach the Internet content ...... So the Request Of client will be in M1 IP and the outbound Trafic to internet will be in P1
in Routing table i will find One table for mangment and data interface(M1 and P1)
My question now does I need any addtional routing from M1 to P1 in WSA appliance Or just using the Default route and edit the Default route Getway and add the Getway OF P1 interface that located in DMZ ?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :