08-04-2009 02:48 AM - edited 03-11-2019 09:02 AM
Hi,
I'm trying to activate the DMZ interface on a restricted license ASA 5505 but I get an error when I try to ADD the interface. The message says "With the current license device will only supports 2 fully functional interfaces. Third interface can be added,but the traffic from this interface to another interface need to be blocked. Please make appropriate selection in advanced tab." I gather that I have to define the limitation myself? The problem is that I can't access the advanced tab because of the error. Can I do something via CLI to get through? I'm using ASA 8.2 and ASDM 6.2.
Thanks, Joe
08-04-2009 06:46 AM
From the CLI, in the VLAN interface config of the DMZ interface, you need to add the following config:
interface Vlan3
no forward interface vlan X
...where X is the number of the VLAN that your DMZ will *NOT* be talking to.
08-04-2009 06:26 AM
If you need more than 2 interfaces, you should go to the Sec-plus license.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html#wp1056883
Cheers
08-04-2009 06:54 AM
Yeah, I know. I'm trying to save the 450 euros...
Anyway, it's not totally true: the 5505 can use a DMZ but with restricted access. I don't know how to activate the third interface via ASDM, but then I got it up via the following CLI command I found in a forum on the Internet:
interface vlan3
no forward interface vlan1
nameif dmz
security-level 50
ip address 192.168.1.1 255.255.255.0
Automagically, when I accessed the ASDM, I found a new column in the Interfaces tab named "restrict traffic flow" (at least I believe it wasn't there before!). I can't send traffic from the DMZ to the internal network, but it's not essential for me. I'm happy now.
Cheers, Joe
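An added example, not part of the original thread: a Python check that parses an ASA 5505 running-config and applies the rule quoted in the ASDM message above (at most 2 fully functional interfaces, so any further named VLAN needs a "no forward interface" line). The function names and the Vlan1/Vlan2 entries in the sample config are assumptions made for illustration.

```python
import re

# Constructed sample: Vlan3 is the thread's DMZ config; Vlan1/Vlan2 are assumed.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
!
interface Vlan2
 nameif outside
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.1.1 255.255.255.0
!
"""

VLAN_RE = re.compile(r"^interface\s+vlan\s*(\d+)$", re.I)
NOFWD_RE = re.compile(r"^no\s+forward\s+interface\s+vlan\s*(\d+)$", re.I)
NAMEIF_RE = re.compile(r"^nameif\s+(\S+)$", re.I)

def parse_vlans(config):
    """Map VLAN id -> {'nameif': str or None, 'no_forward': [VLAN ids]}."""
    vlans, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = VLAN_RE.match(line)
        if m:
            cur = vlans.setdefault(int(m.group(1)), {"nameif": None, "no_forward": []})
        elif line == "!" or line.lower().startswith("interface "):
            cur = None  # end of block, or a non-VLAN interface
        elif cur is not None and (m := NOFWD_RE.match(line)):
            cur["no_forward"].append(int(m.group(1)))
        elif cur is not None and (m := NAMEIF_RE.match(line)):
            cur["nameif"] = m.group(1)
    return vlans

def audit(config):
    """Apply the rule quoted in the thread: at most 2 fully functional interfaces."""
    vlans = parse_vlans(config)
    named = {v: d for v, d in vlans.items() if d["nameif"]}
    full = sorted(v for v, d in named.items() if not d["no_forward"])
    findings = []
    if len(full) > 2:
        findings.append(f"{len(full)} unrestricted named VLANs: {full}")
    for v, d in sorted(named.items()):
        findings += [f"Vlan{v} blocks undefined Vlan{t}" for t in d["no_forward"] if t not in vlans]
    return {"unrestricted": full, "findings": findings}

print(audit(SAMPLE_CONFIG))
```

An empty findings list means the config has no more than two unrestricted named VLANs and every "no forward" target is a VLAN that is actually defined.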
05-08-2013 04:22 AM
Thanks Joe. It helped me!!