Cisco IPS 4510 Sensor White Paper

Firewall
August 2012 Series
Procedure 1  Configure the DMZ switch
This procedure assumes that the DMZ switch has already been configured following the guidance in Procedure 1, Configure the DMZ switch.
Step 1:  Configure the DMZ Web VLAN on the DMZ switch.
vlan 1116
 name dmz-web
Step 2:  Configure the interfaces that connect to the appliances.
interface range GigabitEthernet1/0/24, GigabitEthernet2/0/24
 switchport trunk allowed vlan add 1116
Step 3:  Configure the interfaces that are connected to the web servers.
interface GigabitEthernet1/0/2
 description Webserver
 switchport access vlan 1116
 switchport host
 macro apply EgressQoS
 logging event link-status
 no shutdown
Procedure 2  Configure DMZ interface
Step 1:  Connect to Cisco Adaptive Security Device Manager (ASDM) by navigating to https://ie-asa5545.cisco.local/admin, and then logging in with your username and password.
Step 2:  Navigate to Configuration > Device Setup > Interfaces.
Step 3:  On the Interface pane, click Add > Interface.
Step 4:  In the Add Interface dialog box, in the Hardware Port list, choose the interface connected to the DMZ switch. (Example: GigabitEthernet0/1)
Step 5:  In the VLAN ID box, enter the VLAN number for the DMZ VLAN. (Example: 1116)
Step 6:  In the Subinterface ID box, enter the VLAN number for the DMZ VLAN. (Example: 1116)
Step 7:  Enter an Interface Name. (Example: dmz-web)
Step 8:  In the Security Level box, enter a value of 50.
Step 9:  Enter the interface IP Address. (Example: 192.168.16.1)
Step 10:  Enter the interface Subnet Mask, and then click OK. (Example: 255.255.255.0)
Step 11:  On the Interface pane, click Apply.
Step 12:  Navigate to Configuration > Device Management > High Availability > Failover.
Step 13:  On the Interfaces tab, in the Standby IP address column, enter the IP address of the standby unit for the interface you just created. (Example: 192.168.16.2)
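
Procedures 1 and 2 only work together if the VLAN, subinterface and addressing values agree across the switch and the appliance. The following pre-change check is an added example, not part of the Cisco guide; the dictionary layout and the function names switch_vlans and check_dmz are assumptions of this example, and the inputs are constructed from the example values above.

```python
import ipaddress
import re

# Constructed inputs: switch lines are taken from Procedure 1 and the ASA
# values from the Procedure 2 examples; the dict layout is this example's own.
SWITCH_CONFIG = """\
vlan 1116
 name dmz-web
interface range GigabitEthernet1/0/24, GigabitEthernet2/0/24
 switchport trunk allowed vlan add 1116
interface GigabitEthernet1/0/2
 switchport access vlan 1116
"""
ASA_INTERFACE = {"vlan_id": 1116, "subinterface_id": 1116,
                 "ip": "192.168.16.1", "mask": "255.255.255.0",
                 "standby_ip": "192.168.16.2"}

def switch_vlans(config):
    """Return the (defined, trunked, access) VLAN ID sets in the switch text."""
    defined = {int(v) for v in re.findall(r"^vlan (\d+)\s*$", config, re.M)}
    access = {int(v) for v in re.findall(r"switchport access vlan (\d+)", config)}
    trunked = set()
    for spec in re.findall(r"trunk allowed vlan (?:add )?([\d,-]+)", config):
        for part in spec.split(","):  # accepts lists and ranges: 1116,1120-1122
            low, _, high = part.partition("-")
            trunked.update(range(int(low), int(high or low) + 1))
    return defined, trunked, access

def check_dmz(config, asa):
    """Return a list of mismatches between the switch and ASA settings."""
    problems = []
    defined, trunked, access = switch_vlans(config)
    vlan = asa["vlan_id"]
    if vlan not in defined:
        problems.append(f"VLAN {vlan} is not defined on the switch")
    if vlan not in trunked:
        problems.append(f"VLAN {vlan} is not allowed on the appliance trunks")
    if vlan not in access:
        problems.append(f"no access port is assigned to VLAN {vlan}")
    if asa["subinterface_id"] != vlan:
        problems.append("subinterface ID does not match the VLAN ID")
    net = ipaddress.ip_network(f"{asa['ip']}/{asa['mask']}", strict=False)
    active = ipaddress.ip_address(asa["ip"])
    standby = ipaddress.ip_address(asa["standby_ip"])
    if standby == active:
        problems.append("standby IP equals the active IP")
    if standby not in net:
        problems.append(f"standby IP {standby} is outside {net}")
    for addr in (active, standby):
        if addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address")
    return problems

if __name__ == "__main__":
    print(check_dmz(SWITCH_CONFIG, ASA_INTERFACE) or "consistent")
```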