Velocity Reviews - Computer Hardware Reviews

ASA 5510 - Routable Addr's for DMZ?

 
 
Scott Davis
      04-02-2006
Hi, Folks.

I've got a 2600 that's a little overwhelmed. CPU goes to 100% when you
put any NAT'd traffic through it.

I'm thinking about replacing it with an ASA 5510. Currently, my DMZ has
valid/routable IP addr's. 3 distinct blocks, /26, another /26 and a /28.

My questions are:

1) Can I assign routable IP addresses to the DMZ on the ASA 5510.. and
set up ACLs to provide firewall functionality.. NO NAT..?

2) Can I assign multiple netblocks to the DMZ interface? (i.e. like
'secondary' addresses?)


Thanks very much, everyone!

-- Scott.

(email replies would be appreciated)
 
 
 
 
 
Erik Tamminga
      04-02-2006
Hi Scott,

1) Yes, the ASA can have routable IP addresses assigned to its DMZ
interface, no problem. There is even a new option that tells the ASA to
actually do no NAT at all (allow unnatted traffic).
2) No, not directly. The ASA can only have one single IP address assigned to
an interface. There is a possibility though. You could set up multiple,
logical, firewalls within one single ASA box and let each one have its own
DMZ interface using a different IP block. The physical DMZ interface can
then be shared by all logical firewalls. Personally I wouldn't prefer such a
setup and would go for a setup with NAT where you define static translations for
the public IP addresses on the outside to your addresses on the DMZ.

Erik

"Scott Davis" <(E-Mail Removed)> wrote in message
news:6vFXf.16774$(E-Mail Removed)!nnrp1.uun et.ca...
> Hi, Folks.
>
> I've got a 2600 that's a little overwhelmed. CPU goes to 100% when you
> put any NAT'd traffic through it.
>
> I'm thinking about replacing it with an ASA 5510. Currently, my DMZ has
> valid/routable IP addr's. 3 distinct blocks, /26, another /26 and a /28.
>
> My questions are:
>
> 1) Can I assign routable IP addresses to the DMZ on the ASA 5510.. and
> set up ACLs to provide firewall functionality.. NO NAT..?
>
> 2) Can I assign multiple netblocks to the DMZ interface? (i.e. like
> 'secondary' addresses?)
>
>
> Thanks very much, everyone!
>
> -- Scott.
>
> (email replies would be appreciated)
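
A configuration sketch for the no-NAT setup in point 1 of the reply above, added here as an illustration and not taken from either poster. It assumes the option the reply mentions is the ASA 7.x `no nat-control` command; all addresses (RFC 5737 documentation ranges), interface numbers, ACL names and the inside network are constructed.

```cisco
! Added example, ASA 7.x syntax. Every address and name is constructed.
! Assumption: the upstream router routes 192.0.2.0/26 to 198.51.100.2.

! Let traffic pass without requiring a translation rule
no nat-control

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.252
 no shutdown

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 no shutdown

! DMZ carries one routable block; the interface takes one address only
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.192
 no shutdown

route outside 0.0.0.0 0.0.0.0 198.51.100.1 1

! Inbound from the Internet: only published services on the real DMZ
! addresses are allowed, everything else is denied and logged
access-list outside_in extended permit tcp any host 192.0.2.10 eq www
access-list outside_in extended permit tcp any host 192.0.2.10 eq https
access-list outside_in extended permit tcp any host 192.0.2.11 eq smtp
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside

! From the DMZ: block any attempt to reach the inside network, then
! allow only traffic sourced from the DMZ block (drops spoofed sources)
access-list dmz_in extended deny ip any 10.0.0.0 255.255.255.0 log
access-list dmz_in extended permit ip 192.0.2.0 255.255.255.192 any
access-list dmz_in extended deny ip any any log
access-group dmz_in in interface dmz
```

This covers a single block on the DMZ interface; the second /26 and the /28 still need one of the approaches from point 2 of the reply.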



 