11-01-2012 01:10 PM - edited 03-11-2019 05:17 PM
I need to create a DMZ VLAN. Core switch is a 6509. FW is an ASA5520. Need to create a VLAN for DMZ purposes for outside-facing servers. NAT is used on the ASA. All help is appreciated.
11-01-2012 01:41 PM
Hello,
Okay, so you will create the VLAN on the core switch, then connect it to one of the ASA interfaces.
All you need to do on the ASA is to create a NAT rule for that new VLAN (subnet) and set up a route on the ASA pointing to that core switch in order to reach the new VLAN.
Regards,
Julio
11-01-2012 02:17 PM
Addressing is the next question. Internally on the core I set a VLAN called DMZ-LAN of 10.90.x.x 255.255.0.0. Should I have used an address of one of my class C's instead? Example: 192.160.223.x 255.255.255.0
11-01-2012 02:29 PM
Hello,
No, that is not a requirement, you can use a different range,
Just add the following on the ASA
route internal 10.90.x.x 255.255.0.0 core_switch_ip
Then
nat (internal) 1 10.90.x.x 255.255.0.0
global (outside) 1 interface
Regards,
11-01-2012 02:31 PM
Thank you! Learning something new every day.
11-01-2012 02:50 PM
Hello,
My pleasure to help,
If you do not have any questions, please mark it as answered,
Regards,
11-01-2012 03:50 PM
I'm confused by this statement:
global (outside) 1 interface
What interface?
11-01-2012 03:58 PM
Hello,
That is used for the internal users to be able to traverse the internet.
You need a public and routable IP to traverse the internet.
In this case the outside interface is the public one.
Regards,
Julio
Remember to rate all of the helpful posts, if you do not know how to do that just let me know, I will teach you ;D
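How the NAT ID ties a nat statement to a global statement in the pre-8.3 ASA syntax quoted in this thread, as an added example that is not part of any post: a small checker that pairs the two by ID and flags nat rules left without a global. The sample config, the 10.91.0.0 rule, the next-hop address and the function names are constructed for illustration, and 10.90.0.0 stands in for the thread's 10.90.x.x.

```python
import re
from collections import defaultdict

# Constructed sample in the pre-8.3 syntax used in the thread (placeholder addresses).
SAMPLE_CONFIG = """\
route internal 10.90.0.0 255.255.0.0 10.1.1.2
nat (internal) 1 10.90.0.0 255.255.0.0
global (outside) 1 interface
nat (internal) 2 10.91.0.0 255.255.0.0
"""

NAT_RE = re.compile(r"^nat \((\S+?)\s*\) (\d+) (\S+) (\S+)")
GLOBAL_RE = re.compile(r"^global \((\S+?)\s*\) (\d+) (\S+)")


def parse(config):
    """Collect nat and global statements, keyed by their NAT ID."""
    nats, globals_ = defaultdict(list), defaultdict(list)
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            ifc, nat_id, net, mask = m.groups()
            nats[int(nat_id)].append((ifc, net, mask))
        elif m := GLOBAL_RE.match(line):
            ifc, nat_id, target = m.groups()
            globals_[int(nat_id)].append((ifc, target))
    return nats, globals_


def check_pairs(config):
    """Return (translations, NAT IDs that have a nat but no global)."""
    nats, globals_ = parse(config)
    translations, unpaired = [], []
    for nat_id, sources in sorted(nats.items()):
        if nat_id == 0:  # nat 0 is identity NAT / exemption; it needs no global
            continue
        if nat_id not in globals_:
            unpaired.append(nat_id)
            continue
        for src_ifc, net, mask in sources:
            for dst_ifc, target in globals_[nat_id]:
                # target "interface" = PAT to the IP address of dst_ifc itself
                translations.append((net, mask, src_ifc, dst_ifc, target))
    return translations, unpaired


if __name__ == "__main__":
    print(check_pairs(SAMPLE_CONFIG))
```

Traffic matching an unpaired nat ID has no translation to use on the way out, which is why the thread's nat line is given together with a global line carrying the same ID.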