From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Thu Mar 05 2009 - 13:50:17 ARST
I can't see the topologies very well but I would say that the DMZ (public)
should be placed with the FW ASA which is in from of Internet,
Regards
----- Original Message -----
From: "Shahid Ansari" <shahid1357@gmail.com>
To: "Cisco certification" <ccielab@groupstudy.com>; "Cisco certification"
<security@groupstudy.com>; "Farrukh Haroon" <farrukhharoon@gmail.com>
Sent: Thursday, March 05, 2009 10:24 AM
Subject: NAT-ASA-Juniper Security
> Hi Sec.Guys,
>
> I have question regarding NAT . As I am configuring inside NAT on ASA ,did
> NATTing works on ASA if REAL IP is one or Two hop Away from ASA.
> and if it works how ASA know to reach that host ? by static routes.
> If I do double NAT ,I can face problems with Streamline
> applications(Voice)
> ,what about Bypass NAT ?
> Below What is the best place to creat DMZs for external Web servers on ASA
> or On Juniper.
>
> Design 1
> Internet Router-----ASA----Juniper----Internal Servers(Email Server)
> !
> !
> DMZ Web servers,Ex.Email server
>
> Internet router , ASA outside has public Block
>
> OR
>
>
> Design 2
> Internet Router-----ASA----Juniper----Internal Servers(Email Server)
> !
> !
> DMZ Web servers,Ex.Email server
>
> Any help or clue is really appreciable.....
>
> Thanks
> Shahid Ansari
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART