ASA 5505 - 2.5 VLAN limit

In 2008 & 2009 I deployed around 2 dozen ASA5505s to small organizations. I love the new ASAs so much that I even purchased one for my own home.

With that said, I still have a hard time understanding why Cisco decided 2.5 VLANs was the limit. In my experience it is barely enough and requires creative configuring to really meet the needs of even the smallest of environments. Even in my own home I have a hard time with the VLAN limitation.

VLAN 1 - LAN

VLAN 2 - WAN

Nearly every environment needs a 3rd VLAN, either for VOIP, WLAN, or DMZ.

I have 3 questions.

1) What needs to happen to get this changed so that ASA5505s have 3-6 VLANs as their new non-trunked max?

2) What does everyone else think about this limitation?

3) Is there an upgrade license available that I am not aware of for the 5505 that increases the VLAN max on the 5505?

scootertgm Wed, 04/07/2010 - 11:26

When I was talking to a Cisco rep, I know the license allowed full communication between the three VLANs. I thought that may have been what you were asking.

Collin Clark Wed, 04/07/2010 - 11:33

Ryan,

You are reading it correctly; VLANs are still limited. It does limit you, but Cisco provisions the box slightly above a Linksys and makes it cost effective for SOHO environments. The 5510 is focused towards small enterprise/remote office type solutions. We never use and rarely sell the 5505 because of the limitations on it. We suggest to our clients to spend the extra cash and get a 'future proof' device.

Hope it helps.

That sounds like 1 vote for the product needing a little bit of a change in non-trunk VLAN allowance.

The cost difference and feature difference between the 5505 and 5510 is huge. Overall it's a difficult piece of equipment to deploy to even a SOHO. Even the smallest of organizations need 3 full non-trunked VLANs. Generally it is a better value and price point to purchase an ASA5505, moderately priced router, and moderately priced switch. I just wish that Cisco would allow SOHOs to deploy with a firewall and switch and that is only possible from a 5510 or higher.

Collin Clark Wed, 04/07/2010 - 13:03

We always give the customer the option, but we push using a router more often than the ASA. A router has so many more features even though the performance of the firewall on a router is less than an ASA. There are some features that require an ASA though. I will never (again) configure SSLVPN on a router. Smooth as silk on an ASA and nothing but trouble on a router!
