freycom
asked on
Webserver with ASA 5505 Base license
I currently have ASA 5505 with 50 User base license. I has a site-to-site vpn, and remote access vpn configured.
I have a DB server, and 10 users. We just purchased a Web Module that runs on IIS, and it requires a UNC share to the database folder. We have purchased a Web Server, and i configured it on the dmz vlan.
I managed to setup the DMZ, and i can nat ports to the webserver with no problems.
What is the best way to connect the webserver to db server?
I was thinking of adding a nic to connect to VLAN1 but it seems to defeat the purpose of the DMZ?
Would it be better to purchase the Sec Plus license?
Or is there a better way altogether?
I have a DB server, and 10 users. We just purchased a Web Module that runs on IIS, and it requires a UNC share to the database folder. We have purchased a Web Server, and i configured it on the dmz vlan.
I managed to setup the DMZ, and i can nat ports to the webserver with no problems.
What is the best way to connect the webserver to db server?
I was thinking of adding a nic to connect to VLAN1 but it seems to defeat the purpose of the DMZ?
Would it be better to purchase the Sec Plus license?
Or is there a better way altogether?
Personally I would put th DB server in the DMZ as well. Users can still get to it through the firewall (high security interface to a lower security interface), the webserver can connect to it because it's in the same network and it's still protected from the outside world because there is no nat set up through the ASA so no way you can get there from the outside.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The webserver is for outside access, and would require access from both the inside network, and the outside network.
@lrmoore: darn, always forget that.
In that case I have to second lrmoore.
In that case I have to second lrmoore.