Hi,
I have a cisco ASA firewall.
Outside - Connected to Internet.
DMZ- Connected to servers which open up connections to the Inside zone.
Inside - secure applications.
Scenario 1
when request from the Internet hits the firewall public OUTSIDE ip. I nat it to a private ip in DMZ zone has the servers.
Scenario 2
I can have the request from the Internet hit the DMZ zonedirectly instead of the outside zone provided the DMZ zone servers are in the public range ...is this correct? question1
question2) So the question is when I would use scenario 1 and when I would use scenario 2.
question3) Which is considered a best practice?
-----------------------------------------------------------------------------
Thanks,
Kunal