cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
541
Views
0
Helpful
1
Replies

ASA5510 Dual DMZ interfaces

ast
Level 1
Level 1

Hi,

I want to create a Dual DMZ in a ASA5510 however it is not like I used to in ASA5505

In ASA5505 I create a Outside, Inside and DMZ VLAN and there after add the interfaces into the VLAN.

This way I can have two DMZ interfaces, but how do I do it in a ASA5510?

/Allan

1 Reply 1

johuggin
Level 1
Level 1

Hello Allan,

The ASA5510 doesn't have switchports like the 5505 so unfortunately, you won't be able to set it up in the same way as the 5505. The main difference is you cannot have the same subnet exist off more than one interface on the ASA5510 and later models.

Depending on your requirement, though, there are some options.

If you give me some more detail on your requirement (why you need two interfaces in the same VLAN), I may be able to provide more tailored advice.

Use a switch:

The easiest thing may be to get a switch to connect to the 5510 DMZ interface with a default gateway of the 5510. The switch will essentially take the place of the 5505's switchports.

Separate DMZ subnets:

If you are willing to separate the DMZ into two separate subnets, you can configure rules on the ASA to allow for these subnets to talk to each other. We can configure access-lists and translations to make the communication take place through the ASA's interface.

Etherchannel:

If you're running IOS 8.4 or later you can create an etherchannel using two or more physical interfaces working as one logical interface in a single VLAN. This isn't the same as what you had setup on the 5505 as this will logically be one link. Therefore, you will likely be connecting both physical connections to one DMZ device.

Review Cisco Networking for a $25 gift card