Webserver with ASA 5505 Base license
I currently have ASA 5505 with 50 User base license. I has a site-to-site vpn, and remote access vpn configured.
I have a DB server, and 10 users. We just purchased a Web Module that runs on IIS, and it requires a UNC share to the database folder. We have purchased a Web Server, and i configured it on the dmz vlan.
I managed to setup the DMZ, and i can nat ports to the webserver with no problems.
What is the best way to connect the webserver to db server?
I was thinking of adding a nic to connect to VLAN1 but it seems to defeat the purpose of the DMZ?
Would it be better to purchase the Sec Plus license?
Or is there a better way altogether?
I have a DB server, and 10 users. We just purchased a Web Module that runs on IIS, and it requires a UNC share to the database folder. We have purchased a Web Server, and i configured it on the dmz vlan.
I managed to setup the DMZ, and i can nat ports to the webserver with no problems.
What is the best way to connect the webserver to db server?
I was thinking of adding a nic to connect to VLAN1 but it seems to defeat the purpose of the DMZ?
Would it be better to purchase the Sec Plus license?
Or is there a better way altogether?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Personally I would put th DB server in the DMZ as well. Users can still get to it through the firewall (high security interface to a lower security interface), the webserver can connect to it because it's in the same network and it's still protected from the outside world because there is no nat set up through the ASA so no way you can get there from the outside.
WIth the base license the traffic between the inside and dmz is restricted, so the best solution would be to upgrade to the sec+ license to get the dmz vlan support.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial