Solved

DMZ on same physical port

Posted on 2014-12-15
Last Modified: 2014-12-16
Hello, is it possible to create a DMZ but have all the physical connections on the same port as the "Inside" network on a Cisco ASA 5505? The reason I ask is I have a client who has 20 PC's and 2 servers. Currently the network goes internet -> Linksys router-> Gig switch (non-configurable) - PC's and Servers and it works fine.

But now we just acquired an ASA 5505. The issue with the Cisco ASA is it does not have Gig Ethernet, but when I go to set up the DMZ in the Wizard, it wants to assign it to an unused physical port. I'd like to keep the servers connected to the gig switch for the speed. Therefore the network would look like:

Internet
      | Port 0 on ASA
   ASA
     |
  Inside & DMZ (Port 1)
     |
Gig Switch
    |
PC's & Servers
0
Question by:bhodge10
4 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 40502499
It won't really work this way as is.
The limitation here is your switch. Since it's unmanaged and unconfigurable, you cannot assign VLANs to ports. Without that, the ASA will not be able to distinguish between LAN traffic and DMZ traffic if you configure VLANs on the ASA.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40502640
Not on a 5505. If you had a 5510 or bigger this would be possible with sub interfaces, but that's not an option on the 5505, sorry.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 40502760
If the servers are accessed both internally and externally and you really need gig speed, I would not even create a DMZ.  Just do NAT or PAT for the servers.

Let the 20 PC's inside access the servers directly and anything on the Internet goes through the firewall and it filters the traffic.
0
 

Author Closing Comment

by:bhodge10
ID: 40503226
That's what I'm going to do. Just keep it simple and use NAT.
0
