Solved

DMZ on same physical port

Posted on 2014-12-15
Last Modified: 2014-12-16
Hello, is it possible to create a DMZ but have all the physical connections on the same port as the "Inside" network on a Cisco ASA 5505? The reason I ask is I have a client who has 20 PC's and 2 servers. Currently the network goes internet -> Linksys router-> Gig switch (non-configurable) - PC's and Servers and it works fine.

But now we just acquired an ASA 5505. The issue with the Cisco ASA is it does not have Gig Ethernet, but when I go to set up the DMZ in the Wizard, it wants to assign it to an unused physical port. I'd like to keep the servers connected to the gig switch for the speed. Therefore the network would look like:

Internet
      | Port 0 on ASA
   ASA
     |
  Inside & DMZ (Port 1)
     |
Gig Switch
    |
PC's & Servers
Question by:bhodge10
4 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 40502499
It won't really work this way as is.
The limitation here is your switch. Since it's unmanaged and unconfigurable, you cannot assign VLANs to ports. Without that, the ASA will not be able to distinguish between LAN traffic and DMZ traffic if you configure VLANs on the ASA.
 
LVL 57

Expert Comment

by:Pete Long
ID: 40502640
Not on a 5505. If you had a 5510 or bigger this would be possible with sub interfaces, but that's not an option on the 5505, sorry.
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 40502760
If the servers are accessed both internally and externally and you really need gig speed, I would not even create a DMZ.  Just do NAT or PAT for the servers.

Let the 20 PC's inside access the servers directly and anything on the Internet goes through the firewall and it filters the traffic.
 

Author Closing Comment

by:bhodge10
ID: 40503226
That's what I'm going to do. Just keep it simple and use NAT.
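
The approach in the accepted answer (no DMZ, servers stay on the inside gig switch, Internet traffic is port-forwarded and filtered by the ASA) could look like the following on a 5505. This is an added example, not configuration posted in the thread; it assumes ASA software 8.3 or later, and the addresses, object names, ACL name and published port 443 are constructed.

```cisco
! Added example. Assumes ASA software 8.3+ (object NAT syntax).
! All addresses and names below are constructed for illustration.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
! Port 0 faces the Internet, port 1 goes to the unmanaged gig switch
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
 switchport access vlan 1
!
! Outbound PAT for the PCs and servers on the inside network
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Static PAT: publish only TCP/443 of one server on the outside address
object network SRV-HTTPS
 host 192.168.1.10
 nat (inside,outside) static interface service tcp 443 443
!
! On 8.3+ the ACL matches the server's real (inside) address
access-list OUTSIDE_IN extended permit tcp any object SRV-HTTPS eq 443
access-group OUTSIDE_IN in interface outside
```

With this layout the published server shares the inside segment with the PCs, so traffic between them never crosses the firewall. Publish only the specific ports that are needed, since the ACL on the outside interface is the only filtering point.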