Solved

Adding a DMZ network in my Cisco ASA 5520 network

Posted on 2014-09-20
Last Modified: 2014-10-02
Dear All,

  I have two Cisco ASA 5520s configured with LAN and WAN interfaces only, with clustering configured.

LAN IP: 192.168.1.x, WAN: 62.11.11.x
I need to configure a new DMZ range 172.30.30.x on the third ASA interface and make sure that the cluster config will still work.

Can someone please advise the steps and the required route to be added?

Thanks
Question by:ITMaster1979
 
LVL 57

Expert Comment

by:Pete Long
ID: 40334614
ASA 5500 Adding a DMZ Step By Step

The only difference for you is that, if you are in active/standby, you need to add an active and a standby IP to the DMZ interface, i.e.

!
interface Ethernet0/2
 speed 100
 duplex full
 nameif DMZ
 security-level 0
 ip address 123.123.123.123 255.255.255.248 standby 123.123.123.124
!

Carry out all configuration on the primary active firewall, connect the same interfaces of both to the DMZ, and Bob's yer uncle.

PL
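Added example, not part of the original answer and not Cisco's or the poster's own code: a small Python check that reads interface blocks from a saved running-config and reports every named interface that lacks a standby address, or whose standby address is outside the active address's subnet. The subnets follow the question; the host addresses, masks, interface numbers and the function name are assumptions made for the sample.

```python
import ipaddress
import re

# Constructed sample in the style of "show running-config interface" on the
# primary unit. Subnets follow the question; hosts and masks are assumptions.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 62.11.11.2 255.255.255.248 standby 62.11.11.3
!
interface Ethernet0/1
 nameif inside
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
!
interface Ethernet0/2
 nameif DMZ
 ip address 172.30.30.1 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no ip address
!
"""

ADDR_RE = re.compile(r"^ ip address (\S+) (\S+)(?: standby (\S+))?[ \t]*$", re.M)

def audit_standby(config):
    """Map nameif -> problem for named interfaces without a usable standby IP."""
    findings = {}
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        name = re.search(r"^ nameif (\S+)", block, re.M)
        addr = ADDR_RE.search(block)
        if not name or not addr:
            continue  # unnamed or unaddressed interface: nothing to fail over
        active, mask, standby = addr.groups()
        try:
            net = ipaddress.ip_interface(f"{active}/{mask}").network
        except ValueError:
            findings[name.group(1)] = "address is not static (e.g. dhcp)"
            continue
        if standby is None:
            findings[name.group(1)] = "no standby address"
        elif ipaddress.ip_address(standby) not in net:
            findings[name.group(1)] = f"standby {standby} outside {net}"
    return findings

if __name__ == "__main__":
    for nameif, problem in audit_standby(SAMPLE_CONFIG).items():
        print(f"{nameif}: {problem}")
```

Run against the sample, it reports only the DMZ interface, which is the one defined without a standby address.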
 
LVL 1

Accepted Solution

by:ITMaster1979
ID: 40334985
Do I have to create the dmz vlan in my core switch?
 
LVL 57

Expert Comment

by:Pete Long
ID: 40335191
That pretty much depends on your topology. In my case I prefer a DMZ to have its own switch, rather than relying on VLAN separation. If I was deploying the solution to a government body, then I would have to have a physical separation. But if you are not as concerned about security, VLAN separation is adequate.
 
LVL 1

Author Closing Comment

by:ITMaster1979
ID: 40356563
good