Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Adding a DMZ on ASA 5505 with Base License

I'm tring to setup a DMZ for a guest wireless off of a 5505. 

So this device has a base license.  It has vlan1 and vlan 2 for inside and outside.

Another vlan is configured to be a failover for the currently active wan connection.  It is using the "no forward interface" command.

Can I add another vlan as a DMZ if I use the "no forward interface" command?

I see the following in Cisco Documentation:

"If you already have two VLAN interfaces configured with a

nameif

command, be sure to enter the

no forward interface

command before the

nameif

command on the third interface; the adaptive security appliance does not allow three fully functioning VLAN interfaces with the Base license on the ASA 5505 adaptive security appliance."

This is what is currently configured:

interface Vlan1

nameif inside

security-level 100

allow-ssc-mgmt

ip address 192.168.10.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address

!

interface Vlan12

no forward interface Vlan2

nameif failover

security-level 0

ip address

I'd like to add the following:

interface vlan3

nameif guestdmz

no forward interface Vlan1

secuirty level 100

ip address 192.168.1.0 255.255.255.0

1 ACCEPTED SOLUTION

Accepted Solutions

Adding a DMZ on ASA 5505 with Base License

Hello Robert,

No, that would no be possible as you have a base license with supports only two interfaces and one restricted interface (in your case is being used for the failover).

You will need to go for the plus license!!

Do rate helpful posts,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
6 REPLIES

Adding a DMZ on ASA 5505 with Base License

Hello Robert,

No, that would no be possible as you have a base license with supports only two interfaces and one restricted interface (in your case is being used for the failover).

You will need to go for the plus license!!

Do rate helpful posts,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Adding a DMZ on ASA 5505 with Base License

That's exactly what I was afraid of.

Adding a DMZ on ASA 5505 with Base License

Hello Robert,

Yes, that is one license limitation on the ASA 5505.

Let me know if you have any other question if not please mark the question as answered.

I will be more than glad to help.

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Re: Adding a DMZ on ASA 5505 with Base License

Done, thanks for your help.

On Thu, Dec 29, 2011 at 12:39 PM, jcarvaja <

Re: Adding a DMZ on ASA 5505 with Base License

Hello Robert,

Thank you very much for the rating.

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Adding a DMZ on ASA 5505 with Base License

1288
Views
5
Helpful
6
Replies