I was just wondering about the appropriate way to connect my devices... What I mean is that I have a 5508-X with 5 usable static IPs, and each port is associated with its own IP. Two of the IPs, on two different interfaces, connect to their own routers for their own subnets, but the two other IPs and their interfaces connect directly to a device. For example, one IP connects directly to my Linux email server, straight IP with no subnet, and another does the same but to a web server.
Is it a wise decision to have them connected directly to those devices with no internal network IP, or is it irrelevant since they are both servers that are accessed by those specific IPs?
Hope that makes sense. I just want to make sure I shouldn't get 2 new basic routers for those devices, because I have no firewall or ACLs really beyond port access.
I certainly do not see any need to obtain 2 basic routers to connect these devices. Some of us might have provisioned a switch connected to the ASA, with the servers connected to the switch (thus saving a port on the ASA for some other purpose). But if you want to connect each server directly to the ASA, I do not see an issue with that.
The thing that I do wonder about is how you are using those IP addresses. You tell us you have 5 usable IP addresses. Are they all in a single IP subnet? (That is usually the case with IP addresses assigned by an ISP.) If so, then how are you assigning addresses to the ASA interfaces? With a subnet of 5 addresses from the ISP, usually that is handled by using the IP addresses for address translation.
Thank you for the response. I just was unsure if the security was being bypassed, in a sense, by having a computer plugged directly into an interface as opposed to a router using the static IP and then assigning DHCP.
As far as my scenario: it is indeed a block of 5 usable IPs, and I have them set as such.
I have interfaces 2-6 assigned their own 192.168.2.1, 192.168.3.1, and so on, and then I use NAT to translate any incoming data to a specific (external) IP to go to the designated interface.
My Linux email box, for example, is on interface 192.168.2.1 but is assigned the address 192.168.2.177, as its external IP is x.x.x.177, and then I use ACLs to allow the requested mail server ports.
I hope this is what you meant.
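The static NAT plus port-restricted ACL setup described in the post above, written out as ASA 8.3+ (object NAT) configuration. This is an added illustration, not configuration from the original poster or from Cisco; the interface name GigabitEthernet1/2, the nameif "mail", the public address 203.0.113.177 (a documentation address standing in for the poster's x.x.x.177) and the chosen mail ports are all assumptions. Everything else matches the thread: the server sits alone on a /24 whose gateway is the ASA interface, one public IP is statically mapped to it, and only the mail ports are allowed in from the outside.

```cisco
! ASA 5508-X, software 8.3 or later (object NAT syntax).
! Assumed interface: the dedicated port the mail server is cabled to.
interface GigabitEthernet1/2
 nameif mail
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
! The mail server itself. Only this host lives on the "mail" segment.
object network MAIL_SERVER
 host 192.168.2.177
 ! One-to-one static NAT: 203.0.113.177 (assumed public IP) <-> 192.168.2.177.
 ! The ASA answers ARP for 203.0.113.177 on the outside interface, so the
 ! public address does not need to be configured on the server.
 nat (mail,outside) static 203.0.113.177
!
! Ports the server actually needs reachable from the Internet (assumed set).
object-group service MAIL_PORTS tcp
 port-object eq smtp
 port-object eq 587
 port-object eq 993
!
! Inbound policy on the outside interface.
! Post-8.3 ACLs match the REAL (untranslated) address, so the rule names the
! network object, not the public IP. Anything not listed is dropped by the
! implicit deny at the end of the list.
access-list outside_access_in extended permit tcp any object MAIL_SERVER object-group MAIL_PORTS
access-group outside_access_in in interface outside
!
! Verification from the ASA CLI: walk a simulated SMTP packet through the
! NAT and ACL logic (198.51.100.5 is an assumed external client).
!   packet-tracer input outside tcp 198.51.100.5 12345 203.0.113.177 25
! The final phase should report "Action: allow"; repeating it with a port
! outside MAIL_PORTS should report "Action: drop" with the ACL as the reason.
```

Two things a practitioner would check here. First, the ASA's own outside interface consumes one of the five usable addresses, so at most four remain for static translations like the one above; they are all in the ISP's single subnet and are never configured on the servers themselves. Second, the "no subnet" concern from the first post is answered by the object NAT entry: the server keeps its private address on a segment with only the ASA as neighbour, and the outside ACL on the real address is what limits exposure to the listed ports.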
What you describe sounds fine and does not cause any compromise of security. Putting a router on those interfaces would not improve security, and I cannot see any benefit from doing that (it would only add expense and complexity to your network implementation).