I have an ASA 5510 with a WAN connection to the outside world.
Currently it looks like this:
[Internet]
|
[ASA]
|
192.168.x subnet
|
[NAT device]
|
172.16.x subnet
My plan is to move both subnets to their own interface on the ASA and remove the second NAT device.
The 192.168.x subnet will be the DMZ with security-level 50.
The 172.16.x subnet will be LAN with security-level 100.
Both will be Dynamic NAT'd (PAT) to the outside.
My questions:
1. Do I need to add static routes for the local subnets, or will those be automatically added? This is on a production network so the changeover has to be seamless.
2. I assume I will need to set up a firewall rule for the DMZ mail server to access the LAN. Is this correct?
3. Are there any considerations (NAT/Firewall/etc) for this that I haven't considered?