Cisco ASA 5510 Trouble creating a DMZ

Status
Not open for further replies.

jmclovin

IS-IT--Management
Oct 8, 2010
US
I apologize if my terminology is off. I understand many of the firewall/NAT functions, but converting that into Cisco terminology isn't always clear.

Currently I am working on an ASA 5510 and want to add a DMZ to the setup. I currently have two WAN ports (same ISP, different subnets) and the inside interface. Right now there is an assortment of port forwarding from both WAN interfaces to servers in the LAN. Cisco VPN also connects via the outside interface. All of this is working fine currently.

My goal is to add a DMZ using the 4th port on the ASA and move as many of the port exceptions from the LAN into the DMZ as possible.

The problem I am having is that due to the VPN using the outside interface, I cannot add a dynamic NAT from the DMZ to the Outside or it breaks VPN. So I tried adding an additional public IP to the outside interface using PAT in the global pool and creating a dynamic NAT from the DMZ to this new IP address.

Doing this, traffic cannot get past the DMZ interface on the ASA. I have also tried doing a 1-to-1 static NAT, and I still have the same trouble.

Since the outside interface is security level 0, the DMZ is 50, and I'm just trying to get to the internet, to my knowledge the ACLs aren't a problem.

What do I need to do to get the DMZ to NAT to the outside interface (potentially with its own public IP) without disrupting VPN or existing static NAT?

 
Perhaps "Cisco Switches" is the wrong forum to be posting a "Cisco ASA" question...
 