Solved: 5510 DMZ ?

louis0001 · ‎01-06-2016

Hi,

we have 2x 5510 in standby/failover mode going to 2x 2960s switches

The following are the interfaces:

E0 = OUTSIDE (block of 8 public ip's)
E1 = INSIDE
E2 = Standby (state failover)
E3 = vlan 299 going to another ASA
M0 = Standby (Lan failover)

We want to set up a DMZ but was wondering what interface we would do this on? I was thinking of adding it on to E3 with another vlan eg vlan 100.

Would that work?

Akshay Rastogi · ‎01-08-2016

Hi,

Yes, you could create sub-interface on E3 for vlan 100. I would recommend to create sub-interface of Gigbit Physical Interface(in 5510, 2 interfaces are gig as per the license). This would work. Do not forget to make that connected switchport as trunk allowing these vlans.

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

View solution in original post

Akshay Rastogi · ‎01-08-2016

Hi,

Yes, you could create sub-interface on E3 for vlan 100. I would recommend to create sub-interface of Gigbit Physical Interface(in 5510, 2 interfaces are gig as per the license). This would work. Do not forget to make that connected switchport as trunk allowing these vlans.

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

louis0001 · ‎01-08-2016

Thanks for the reply. I've sorted it now. The external IP was driving me around the bend trying to do a static NAT into the DMZ.

I was checking everything twice, three times etc and it all appeared ok and what I thought it should do.
Finally, at the end of the day, I finally realized I was trying to use the standby IP address. Doh!