
Maximum number of servers in DMZ on Cisco ASA 5510 with Security Plus

I have several devices I'd like in my DMZ (E-mail Filter, MS ISA Server, Citrix Access Gateway, etc.). I'm ordering a Cisco ASA 5510 with Security Plus. Is it possible to set up all these devices in the DMZ? If so, can I do it by having one port on the DMZ connected to a switch, then all the servers connected to it? Or must I have each server connected directly to one of the open ports (if any) on the ASA?
Asked: First Last
1 Solution
 
qbakies commented:
You can place them all in a DMZ connected to a switch. The 'DMZ' is associated with the ASA interface.
 
First Last (Author) commented:
qbakies:

Isn't connecting all the devices to a single switch in the DMZ a little less secure than directly connecting each one to a port on the ASA?

Instead of buying a separate switch, what if I'm cheap and VLAN off a section of my production switch for the DMZ? Would that be considered a security risk?
 
qbakies commented:
'Security risk' is a pretty relative term. There is nothing inherently less secure about putting all your DMZ machines on a separate switch as opposed to using VLANs on a switch you already have. The DMZ is going to have a different subnet than your LAN as well as a lower security-level than your inside interface, so no traffic will be able to travel from your DMZ to your inside unless you allow it with an ACL.
 
First Last (Author) commented:
I will include your suggestions in my overall plan. Thank you!
 
qbakies commented:
I also suggest you don't put servers in the DMZ that are part of your AD domain (if you have one), because you will have to open a bunch of holes just so the servers work correctly talking to the domain controller. With a DMZ, the fewer holes you need to punch to the inside, the more secure you will be.
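As an added illustration of the points made in this thread (example configuration, not something posted by qbakies or the asker), here is an ASA configuration sketch with constructed addresses and interface names: the DMZ is one interface at security-level 50, whether it hangs off a dedicated switch port or an 802.1Q VLAN subinterface, and an ACL named DMZ_IN (an assumed name) decides which few flows may cross from dmz to inside.

```cisco
! Inside interface: the trusted LAN, highest security level.
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
! Outside interface: Internet-facing, lowest security level.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
! DMZ: one physical port to the DMZ switch. Every DMZ host shares this
! segment; the DMZ is defined by the interface, not by the port count.
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
! Alternative for a DMZ VLAN carved out of the production switch:
! leave Ethernet0/2 unnamed, trunk it to the switch, and put the DMZ
! on an 802.1Q subinterface instead of the physical port:
!   interface Ethernet0/2.50
!    vlan 50
!    nameif dmz
!    security-level 50
!    ip address 192.168.50.1 255.255.255.0
!
! Default behaviour from the security levels alone: inside (100) may
! open connections to dmz (50) and outside (0); dmz may reach outside;
! dmz cannot reach inside. Applying an ACL to the dmz interface
! replaces that default, so the ACL must both punch the few holes to
! inside and keep the DMZ's outbound Internet access.
!
! Only the e-mail filter (constructed 192.168.50.10) may reach the
! inside mail server (constructed 10.0.0.25) on SMTP and the inside
! DNS server (constructed 10.0.0.53) on 53. Any other dmz -> inside
! traffic is denied and logged; everything else from the DMZ is
! allowed out. A domain-joined DMZ server would need many more
! permit lines here, which is the "bunch of holes" warned about above.
access-list DMZ_IN extended permit tcp host 192.168.50.10 host 10.0.0.25 eq smtp
access-list DMZ_IN extended permit udp host 192.168.50.10 host 10.0.0.53 eq domain
access-list DMZ_IN extended deny ip 192.168.50.0 255.255.255.0 10.0.0.0 255.255.255.0 log
access-list DMZ_IN extended permit ip 192.168.50.0 255.255.255.0 any
access-group DMZ_IN in interface dmz
```

The logged deny line doubles as a detection point: hits on it from a DMZ host are a sign that host is probing or misconfigured.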
