In 2008 & 2009 I deployed around 2 dozen ASA5505's to small organizations. I love the new ASA's so much that I even purchased one for my own home.
With that said, I still have a hard time understanding why Cisco decided 2.5 VLANs was the limit. In my experience it is barely enough and requires creative configuring to really meet the needs of even the smallest of environments. Even in my own home I have a hard time with the VLAN limitation.
VLAN 1 - LAN
VLAN 2 - WAN
Nearly every environment needs a 3rd VLAN, either for VOIP, WLAN, or DMZ.
I have 3 questions.
1) What needs to happen to get this changed so that ASA5505s have 3-6 VLANs as their new non-trunked max?
2) What does everyone else think about this limitation?
3) Is there an upgrade license available that I am not aware of for the 5505 that increases the VLAN max on the 5505?
You are reading it correctly, VLANs are still limited. It does limit you, but Cisco provisions the box slightly above a Linksys and makes it cost effective for SOHO environments. The 5510 is focused towards small enterprise/remote office type solutions. We never use and rarely sell the 5505 because of the limitations on it. We suggest to our clients to spend the extra cash and get a 'future proof' device.
That sounds like 1 vote for the product needing a little bit of a change in non-trunk VLAN allowance.
The cost difference and feature difference between the 5505 and 5510 is huge. Overall it's a difficult piece of equipment to deploy to even a SOHO. Even the smallest of organizations need 3 full non-trunked VLANs. Generally it is a better value and price point to purchase an ASA5505, moderately priced router, and moderately priced switch. I just wish that Cisco would allow SOHOs to deploy with a firewall and switch, and that is only possible from a 5510 or higher.
We always give the customer the option, but we push using a router more often than the ASA. A router has so many more features even though the performance of the firewall on a router is less than an ASA. There are some features that require an ASA though. I will never (again) configure SSLVPN on a router. Smooth as silk on an ASA and nothing but trouble on a router!