hi , i have asa 5505 firewall with ASA5505-UL-BUN-K9 license i have problem with DMZ. I am not able to create dmz. please suggest me what i need to do in order to be able to configure dmz. should i need to upgrade the license. please suggest.
If I am not mistaken even though you have an Unlimited User licensed ASA5505 you still lack the additional Vlan support that the Security Plus License would provide.
Though with your current license you should be able to create 3 Vlan interfaces of which 2 would be normal Vlan interfaces and 1 a DMZ (resticted) Vlan interface.
If you have for example "inside" and "outside" interface currently and want to create a "dmz" interface then you would have to first create the 3rd Vlan interface and then choose towards which existing interface the connections should be disabled (this is because its a resticted Vlan interface)
Lets say you have Vlan2 for "outside" and Vlan1 for "inside" and create a new Vlan3 for "dmz" you would have to do this
no forward interface Vlan1
You can naturally confirm the Vlan support on the ASA currently with the command
Is the currently licensed firewall something that you have had for sometime or is it a new purchase?
Just wondering as it would seem unreasonable to just have bought something and then having to get a new license. Just wondering if you can somehow avoid spending extra money if this is a new purchase that wasnt what you were actually looking for.
You can check this link for the differnent options the ASA5505 has
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :