Webserver with ASA 5505 Base license

freycom
freycom used Ask the Experts™
on
I currently have ASA 5505 with 50 User base license.   I has a site-to-site vpn, and remote access vpn configured.

I have a DB server, and 10 users.  We just purchased a Web Module that runs on IIS, and it requires a UNC share to the database folder. We have purchased a Web Server, and i configured it on the dmz vlan.

I managed to setup the DMZ, and i can nat ports to the webserver with no problems.  

What is the best way to connect the webserver to db server?  
I was thinking of adding a nic to connect to VLAN1 but it seems to defeat the purpose of the DMZ?

Would it be better to purchase the Sec Plus license?  

Or is there a better way altogether?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Ernie BeekSenior infrastructure engineer
Top Expert 2012

Commented:
Personally I would put th DB server in the DMZ as well. Users can still get to it through the firewall (high security interface to a lower security interface), the webserver can connect to it because it's in the same network and it's still protected from the outside world because there is no nat set up through the ASA so no way you can get there from the outside.
Sr. Systems Engineer
Top Expert 2008
Commented:
WIth the base license the traffic between the inside and dmz is restricted, so the best solution would be to upgrade to the sec+ license to get the dmz vlan support.

Author

Commented:
The webserver is for outside access, and would require access from both the inside network, and the outside network.
Ernie BeekSenior infrastructure engineer
Top Expert 2012

Commented:
@lrmoore: darn, always forget that.

In that case I have to second lrmoore.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial