Re: Firewalls in DMZ - Page 2

benolyndav · ‎10-05-2018

Hi

I have a 2 asa Firewall DMZ to set up, my question is i plan to put a switch between them is there any special config I need in order to route traffic through internal Firewall to external Firewall to Internet.??

Thanks

Francesco Molino · ‎10-07-2018

The error you're getting is on internal or internet firewall? Can you share the command you're typing?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

benolyndav · ‎10-07-2018

route outside 0.0.0.0 0.0.0.0 172.20.57.2

benolyndav · ‎10-07-2018

and the error is on internal FW, thats where im trying to add the route

Francesco Molino · ‎10-07-2018

Can you share output of "show int ip bri" and "show route" from both firewalls please?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Alex Pfeil · ‎10-06-2018

If you are insisting on using two firewalls, static routing on a firewall would be pretty easy.

Internet firewall
Route outside 0.0.0.0 0.0.0.0 gatewayIP
Route inside allInternalSubnets insideFirewallOutsideIp
Example
Route inside 172.16.0.0 255.255.0.0 172.16.254.1

Inside firewall example
Route outside 0.0.0.0 0.0.0.0 172.16.254.2

This is just an example. One consideration would be that having two firewalls in one DMZ subnet can be an issue because there are two possible gateways. Are you going to have a router in the DMZ? The issue with two gateways is that a server will only have one default gateway configured. You can resolve this with static routes on the servers.

Please rate helpful posts.