jskfan
asked on
ASA Firewall Access Rule for Web Servers
In ASA 5520 I have configured an Access Rule so that outside client can reach the Webserver in the DMZ. It worked with no problem. However , so far I have only one Webserver in the DMZ and the access rule is permitting from outside to the destination (Webserver object) which has an IP address 10.10.10.20
In real world there should be redundant Webservers in the DMZ, so that they can "Load Balance" the load.
I wonder if I need to create separate Access Rule for each Webserver or there is a simpler way to do it ?
Any help will be very much appreciated.
Thank you
In real world there should be redundant Webservers in the DMZ, so that they can "Load Balance" the load.
I wonder if I need to create separate Access Rule for each Webserver or there is a simpler way to do it ?
Any help will be very much appreciated.
Thank you
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
PeteLong:
in your comment above you mentioned Load Balancer, I believe that would work if you put it in the DMZ (Of course), that way you Load balance between WebServers, and the WebServers will have a common Virtual IP address.
I believe that Virtual IP address is the IP address that will be used in ASA Firewall Access Rule. It makes more sense to me this way.
in your comment above you mentioned Load Balancer, I believe that would work if you put it in the DMZ (Of course), that way you Load balance between WebServers, and the WebServers will have a common Virtual IP address.
I believe that Virtual IP address is the IP address that will be used in ASA Firewall Access Rule. It makes more sense to me this way.
ASKER
Thank you
ASKER
I am not saying I need to Load balance with Firewall.
Usually companies do not use just one web server in the DMZ. They use a bunch of them and I believe in DNS they create CNAME so that all webservers will have the same name but different IP addresses...
Well... the way I configured ASA in the LAB, was not complicated because I just allowed HTTP from outside to go to that single webserver IP address. in the case when there are several webservers, how do you change the access rules so that it will apply to all webservers in the DMZ?
hope the Question is clear now..