SERVERS ON DMZ

mudasir05 · ‎03-02-2015

Hello all,

I have a cisco asa 5545 on which the DMZ port is connected to the 2960 switch.Also i have two servers connected to the L2 switch which needs to be routed to Internet.

My question is can I make these two servers access the internet through the single dmz port? Also these servers are connected to the switch on the ame vlan and the switch in turn to the dmz port of the firewall.

Thanks

Jon Marshall · ‎03-02-2015

Yes, just give them an IP from the subnet used for that vlan and use the dmz interface on the ASA as their default gateway.

Then depending on the access you need setup the NAT statements and the acl rules.

If you want external access you will need static NAT entries and allow that the traffic in an acl applied inbound to your outside interface.

If you just want the servers to be able to go out to the internet then you need a dynamic NAT statement and no need for an acl.

Jon

mudasir05 · ‎03-02-2015

thanks Jon for the reply,

I gave them the ip from the same subnet and used dmz interface ip as there default gateway.

I made use of public server feature on my ASA for each individual server by creating separate rules,however one of them worked and the other didn't,not sure why.

Jon Marshall · ‎03-02-2015

Not sure what the public feature is but can you post the configuration (by all means change the IPs to hide information).

Jon