10-22-2009 05:00 AM - edited 03-11-2019 09:29 AM
We have ASA 5520 Cisco Adaptive Security Appliance Software Version 7.2(3).
Current config for DMZ is:
interface GigabitEthernet0/2
nameif dmz
security-level 50
ip address x.x.x.1 255.255.255.0
==================================
I am using all the physical ports and need to add another DMZ segment. I am planning to configure the following:
int gi0/2
no nameif dmz
no ip add x.x.x.1 255.255.255.0
int gi0/2.35
nameif dmz
vlan 35
security-level 50
ip add x.x.x.1 255.255.255.0
int gi0/2.36
nameif dmz2
vlan 36
ip add y.y.y.1 255.255.255.0
====================================
I have a few questions regarding the above configuration.
1. Am I on the right path or not?
2. When I move dmz from the physical interface to the logical interface, what happens to my access-list associated with the dmz interface? Do I need to recreate it, or will moving to the logical interface take care of the config automatically?
Thank you
Viral Patel
10-22-2009 05:24 AM
I believe you will have to recreate the access-group command to re-apply the access-list, as the name removal will delete the associated access-group command.
Thanks
Scott
10-22-2009 06:12 AM
I currently have this command applying access-list dmz_inbound to the nameif interface dmz. I am assuming that once I make the above changes I may just have to reapply it.
access-group dmz_inbound in interface dmz
Thank you
Viral Patel
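An added example, not part of the thread or any poster's code: a Python check to run against saved "show running-config" output before and after the change discussed above, listing commands that reference the dmz name (such as access-group) and are missing afterwards. The config fragments, addresses, ACL name outside_in and all function names are constructed for illustration.

```python
import re

# Constructed ASA 7.2-style fragments (not from the thread); documentation addresses.
BEFORE = """\
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
access-list dmz_inbound extended permit tcp any host 192.0.2.10 eq www
static (dmz,outside) 198.51.100.10 192.0.2.10 netmask 255.255.255.255
access-group dmz_inbound in interface dmz
access-group outside_in in interface outside
route dmz 10.10.0.0 255.255.0.0 192.0.2.254 1
"""
# Constructed post-change config in which the access-group was not re-entered.
AFTER = """\
interface GigabitEthernet0/2.35
 vlan 35
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
access-list dmz_inbound extended permit tcp any host 192.0.2.10 eq www
static (dmz,outside) 198.51.100.10 192.0.2.10 netmask 255.255.255.255
access-group outside_in in interface outside
route dmz 10.10.0.0 255.255.0.0 192.0.2.254 1
"""

def nameif_references(config, name):
    """Global-mode lines using `name` as a whole token: 'interface dmz', '(dmz,outside)'."""
    refs = []
    for line in config.splitlines():
        if not line or line[0].isspace() or line.startswith(("interface ", "!")):
            continue  # skip blanks, interface sub-commands, headers, separators
        if name in re.split(r"[\s(),]+", line.strip()):
            refs.append(line.strip())
    return refs

def missing_after_change(before, after, name):
    """Lines that referenced `name` before the change and are absent afterwards."""
    present = {ln.strip() for ln in after.splitlines()}
    return [ln for ln in nameif_references(before, name) if ln not in present]

def unbound_acls(config):
    """ACLs with no access-group; ACLs used only by NAT or VPN also show up here."""
    defined = set(re.findall(r"^access-list (\S+) ", config, re.M))
    bound = set(re.findall(r"^access-group (\S+) ", config, re.M))
    return sorted(defined - bound)
```

Calling missing_after_change(BEFORE, AFTER, "dmz") on the constructed samples returns the one access-group line that has to be re-entered; an ACL left without an access-group means the interface falls back to its security-level behaviour rather than the intended filter.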