Default Gateway for server in DMZ and on Lan
Posted on 2006-04-03
I have two servers attached via a little hub to the DMZ port on our Cisco ASA 5500 firewall.
Both run web based services to the internet via this connection (SharePoint and library catalogue).
Each server has two ethernet cards; the other is connected to our Cisco 3750 Layer 3 capable switch and they are in a server VLAN.
I need to access the servers from the staff VLAN.
The servers (Windows 2003 and 2000) will only support one gateway address.
If I set the default to the Server_Vlan interface IP address on the appropriate card then routing to/from the LAN works and I can get access to the servers using standard Windows networking services (browsing, RDC, file sharing etc). Accessing the web services from the internet will however fail. I believe that the returning information just goes down the wrong gateway and never makes it back to the requestor.
If I swap the default gateway to the DMZ gateway address, web based access from the internet is OK but LAN traffic suffers the same problem as above; simply, the problem is reversed.
DMZ GW = 10.98.98.1
Srv1 DMZ IP = 10.98.98.2
Srv2 DMZ IP = 10.98.98.3
Server Vlan = 192.168.22.1
Srv1 Vlan Interface = 192.168.22.30
Srv2 Vlan Interface = 192.168.22.32
Staff Vlan Interface IP = 192.168.0.250
Default Gateway = 192.168.0.2 (and is attached to this VLAN, i.e. on ASA 'ip route 0.0.0.0 0.0.0.0 192.168.0.2')
So the question is how do I configure this to achieve access from both sides so that the servers know where to send the return info.
So far the only thing I can think of (and works) is to put the servers into the staff VLAN instead of the server VLAN with G/W as the DMZ on the servers. That way local access doesn't get routed.
But this does seem to defeat the object of having VLANs. Is there a solution that I am missing here?
Thanks for your help.
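The post's explanation (replies leaving via the single default gateway regardless of which NIC the request arrived on) is a longest-prefix-match question, and it is easier to see with the routing table written out. The following Python is an added example, not code from the thread: it models a dual-homed host's routing table using the addresses given in the post, and shows which NIC a reply takes under each of the two configurations the poster tried. The /24 masks, the sample client addresses (192.168.0.50 on the staff VLAN, 203.0.113.10 from the RFC 5737 documentation range as an internet client) and the third configuration, which keeps the DMZ default gateway and adds a more specific route for the staff VLAN through the server-VLAN SVI, are assumptions of this example rather than something the thread states.

```python
import ipaddress

# Addresses as given in the post; the /24 masks are an assumption
DMZ_NET = "10.98.98.0/24"
DMZ_GW = "10.98.98.1"             # ASA DMZ interface
SERVER_VLAN_NET = "192.168.22.0/24"
SERVER_VLAN_GW = "192.168.22.1"   # 3750 SVI for the server VLAN
STAFF_VLAN_NET = "192.168.0.0/24"

# Constructed sample clients, not from the post
STAFF_CLIENT = "192.168.0.50"
INTERNET_CLIENT = "203.0.113.10"  # RFC 5737 documentation range


def build_table(default_gw, default_if, static_routes=()):
    """Return a host routing table as (network, next hop, interface) tuples.

    Each NIC contributes a connected route and there is exactly one default
    route, which is the constraint the post describes. static_routes models
    what a persistent 'route add' entry would contribute on Windows.
    """
    table = [
        (ipaddress.ip_network(DMZ_NET), None, "dmz"),
        (ipaddress.ip_network(SERVER_VLAN_NET), None, "vlan"),
        (ipaddress.ip_network("0.0.0.0/0"), default_gw, default_if),
    ]
    for prefix, gw, ifname in static_routes:
        table.append((ipaddress.ip_network(prefix), gw, ifname))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, ifname in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, ifname)
    # (egress interface, next hop or None when the destination is on-link)
    return best[2], best[1]


def reply_paths(table):
    """Egress NIC for replies to a staff-VLAN client and an internet client."""
    return {
        "staff": lookup(table, STAFF_CLIENT)[0],
        "internet": lookup(table, INTERNET_CLIENT)[0],
    }


def is_symmetric(paths):
    """True when each reply leaves on the NIC the request arrived on."""
    return paths["staff"] == "vlan" and paths["internet"] == "dmz"


def config_default_via_vlan():
    """Post's first attempt: default gateway on the server-VLAN NIC."""
    return reply_paths(build_table(SERVER_VLAN_GW, "vlan"))


def config_default_via_dmz():
    """Post's second attempt: default gateway on the DMZ NIC."""
    return reply_paths(build_table(DMZ_GW, "dmz"))


def config_dmz_default_plus_static():
    """Assumed remedy (not from the thread): keep the DMZ default gateway and
    add a more specific route for the staff VLAN via the server-VLAN SVI."""
    static = [(STAFF_VLAN_NET, SERVER_VLAN_GW, "vlan")]
    return reply_paths(build_table(DMZ_GW, "dmz", static))


if __name__ == "__main__":
    for name, fn in [
        ("default via server VLAN", config_default_via_vlan),
        ("default via DMZ", config_default_via_dmz),
        ("DMZ default + staff route", config_dmz_default_plus_static),
    ]:
        paths = fn()
        print(f"{name:26s} {paths}  symmetric={is_symmetric(paths)}")
```

Running it shows the first two configurations sending both replies out the same NIC, which is the failure the post describes, while the third returns staff-VLAN replies via 192.168.22.1 and everything else via 10.98.98.1. On a Windows host the equivalent entry is a persistent static route of the form `route -p add 192.168.0.0 mask 255.255.255.0 192.168.22.1`; any other internal subnet that needs to reach the servers through the server VLAN needs its own such route, and the ASA's DMZ interface should still be the only path for traffic that is not explicitly internal.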