Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2137
Views
0
Helpful
3
Replies

DMZ Through Internal (Private) Network

Go to solution
pauzi123@
Level 1
Level 1

‎02-24-2017 06:18 PM - edited ‎03-12-2019 01:58 AM

Hello guys,

Currently i have set up DMZ zone for my network. The system is being tested using external GSM Network, the connection and the synchronization are successful. Currently the server is directly connected to the DMZ Port at the Firewall.

Can i move the server into my internal network and connect the server using network switch?


Firewall (5508-X)
Router ( ISR 2912/K9)
Switch ( WS-C3850-48P-S ) 

I have attached current network topology

1 person had this problem
Labels:
Preview file
494 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎02-25-2017 06:38 AM

Can i move the server into my internal network and connect the server using network switch?

of course you can, infact I would recommend it for scaleability.  If the switch you will be using is a shared switch with the other VLANs in  your network then just create a new VLAN, place two ports in this new VLAN and connect the firewall DMZ interface to one port and the server to the other.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to pauzi123@

‎02-27-2017 10:55 AM

So long as the VLANs are trunked to the access switches this should work.  Be careful about putting the default gateway on the core switch.  If you have any other IP configured on the core then these will be routed directly to eachother.  If you want the subnets to be seperate then set the ASA IP as the default gateway with no IP configured on the core switch for the new VLAN.  Or, if your core switch supports it, configure VRFs on the core switch and place the new VLAN in a VRF.  If the subnets don't need to be seperated then this is not relevant.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marius Gunnerud
VIP
VIP

‎02-25-2017 06:38 AM

Can i move the server into my internal network and connect the server using network switch?

of course you can, infact I would recommend it for scaleability.  If the switch you will be using is a shared switch with the other VLANs in  your network then just create a new VLAN, place two ports in this new VLAN and connect the firewall DMZ interface to one port and the server to the other.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
pauzi123@
Level 1
Level 1
In response to Marius Gunnerud

‎02-26-2017 06:20 PM

Thanks, does this configuration work if i connect the DMZ & Server at different switches? The switches has the assigned VLAN and i have configured gateway at my Core Switch

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to pauzi123@

‎02-27-2017 10:55 AM

So long as the VLANs are trunked to the access switches this should work.  Be careful about putting the default gateway on the core switch.  If you have any other IP configured on the core then these will be routed directly to eachother.  If you want the subnets to be seperate then set the ASA IP as the default gateway with no IP configured on the core switch for the new VLAN.  Or, if your core switch supports it, configure VRFs on the core switch and place the new VLAN in a VRF.  If the subnets don't need to be seperated then this is not relevant.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card