Re: dmz access out
- From: mmark751969 <mmark751969@xxxxxxxxx>
- Date: Tue, 29 Apr 2008 11:11:26 -0700 (PDT)
On Apr 28, 9:28 pm, "flamer die.s...@xxxxxxxxxxx"
<die.s...@xxxxxxxxxxx> wrote:
Are the hosts on the dmz on the same subnet as the protected hosts on
the lan? You definitely want to use a different subnet off a different
router interface. If a machine on your dmz becomes compromised (which is
why it's on a dmz to begin with) then the attacker can access the
machines on your LAN from the machine on the dmz (within the same
broadcast domain).
Have a look at http://www.parkansky.com/tutorials/dmz.htm for a basic
example.
Flamer.
This is on an asa5510 firewall. So yes, it is a different subnet on a
separate interface. So, if I give it the access list above then I'm
thinking that I will still be protected from traffic originating from
the outside, but that all traffic originating from the inside will
still be able to go through. Does this hold true for the ASA? Thanks.