I currently have a DMZ setup using a Cisco ASA 5505. There are layer 2 switches split up into two VLANs for the DMZ and LAN. We have a guy who is backing up a bunch of data from a DMZ server to a LAN server, but when this happens it seems to slow things down due to the ASA having somewhat limited resources. I would rather have him backing up over a regular GbE connection and not killing our firewall. I was thinking of putting in a layer 3 switch or router, but that only addresses the routing component that the ASA is handling, and not the security component that the DMZ is intended for. What's the best way to get a DMZ machine pushing data to the LAN without pushing everything through the ASA?
I guess I'm mainly wondering if there is a way to do it using a layer 3 switch of dedicated router, instead of upgrading the ASA to a 5510 that has GbE ports.