CISCO DMZ VLAN MANAGEMENT

Hi,

I need setup an External Contractors DMZ which they will use to connect to a storage system to receive and delivery work.  The plan is to attach a physical switch to a spare port on an ASA 5520 so this is completely
separate to our internal infrastructure.  Members of a Development VLAN (one way) would have access to this area via a firewall access policy.

Is there any "best practices" in regards to VLAN Management in DMZ's.  Our internal switches have a management VLAN but would that be acceptable / secure to use the same VLAN outside inner core to manage the switch.  Also unlike the inner switches that use Radius for authentication I would only use a local account.

Thank you in advance.
Mongo PeckAsked:
Who is Participating?
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
Why not simply have a console server connected to this switch, then you can manage it and there is no direct connections form the DMZ/VLAN to the Secure network, you can pick up a console server very cheaply.
0
All Courses

From novice to tech pro — start learning today.