Cisco Support Community
New Member

need a good robust ASA5505 basic license config including DMZ

Hi, I'm looking for a good config for an ASA5505 with DMZ, but basic license. No access from DMZ to inside.

3 REPLIES
New Member

Re: need a good robust ASA5505 basic license config including DM

Hi,

Please try the following (I am assuming that the DMZ vlan is vlan 3 and dmz physical interface is interface 3. Kindly make the necessary adjustments. Also inside interface is vlan 1 and outside interface is vlan 2 in the sample configuration):

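int vlan 3
 ip address x.x.x.x y.y.y.y
 no forward interface vlan 1
 ! nameif is needed so that "nat (DMZ)" below can reference this interface
 nameif DMZ
 ! security level 50 is an assumed value; adjust as needed
 security-level 50
int ethernet 0/3
 switchport access vlan 3
nat (DMZ) 1 0 0
global (outside) 1 interface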

Please find below the link explaining no forward interface command:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html#wp1051819

Hope this helps!

Thanks,

Manish

New Member

Re: need a good robust ASA5505 basic license config including DM

Hi Manish, thanks for the post, but I have a problem with initiating traffic to the Internet side too; I restrict traffic from DMZ to inside.

Do I need an ACL to allow traffic from DMZ to outside with no forward interface vlan xx?

And, this customer will buy a sec+ license to have more granular access control between his 5 sections. It would be much appreciated if anyone could suggest a good VLAN-separated config for the 5505 sec+ too.

New Member

Re: need a good robust ASA5505 basic license config including DM

Hi,

We would not require any ACL for passing traffic from DMZ to internet unless there is an ACL already applied. In case there is, please add the following line to the same:

access-list test permit ip any any

Also please make sure that the nat and global configuration is fine.
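Added example, not part of any reply in this thread: a small Python check that reads an ASA 5505 configuration and reports whether the DMZ VLAN is still barred from initiating traffic to inside, which matters once a `permit ip any any` ACL is bound to the DMZ interface. The function names, the sample configuration and the `access-group` line are constructed for illustration; the VLAN numbering follows the assumption in the first reply (vlan 1 inside, vlan 3 DMZ).

```python
import re
# Constructed sample config (not from the thread); ACL name "test" as in the last reply.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Vlan3
 no forward interface Vlan1
 nameif DMZ
 security-level 50
access-list test extended permit ip any any
access-group test in interface DMZ
"""

def parse(config):
    """Collect per-VLAN settings, names of 'permit ip any any' ACLs, and inbound ACL bindings."""
    vlans, open_acls, bound, cur = {}, set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (Vlan\d+)$", line, re.I):
            cur = vlans.setdefault(m[1].lower(), {"nameif": None, "blocked": set()})
        elif raw.startswith(" ") and cur is not None:
            # Sub-commands of the current interface stanza
            if m := re.match(r"no forward interface (Vlan\d+)$", line, re.I):
                cur["blocked"].add(m[1].lower())
            elif m := re.match(r"nameif (\S+)$", line):
                cur["nameif"] = m[1]
        else:
            cur = None  # back at global configuration level
            if m := re.match(r"access-list (\S+) (?:extended )?permit ip any any$", line):
                open_acls.add(m[1])
            elif m := re.match(r"access-group (\S+) in interface (\S+)$", line):
                bound[m[2]] = m[1]
    return vlans, open_acls, bound

def audit_dmz(config, dmz="vlan3", inside="vlan1"):
    """Return a list of findings; an empty list means DMZ cannot initiate to inside."""
    vlans, open_acls, bound = parse(config)
    d, findings = vlans.get(dmz), []
    if d is None:
        return [f"{dmz} not configured"]
    if inside not in d["blocked"]:
        findings.append(f"{dmz}: missing 'no forward interface {inside}'")
        if bound.get(d["nameif"]) in open_acls:
            findings.append(f"{dmz}: ACL '{bound[d['nameif']]}' permits ip any any, so the ACL now allows DMZ to inside")
    return findings
```

With `no forward interface` in place the open ACL produces no finding, because the VLAN-level restriction still blocks DMZ-initiated traffic to inside; remove that line, as becomes possible with the Security Plus license, and both findings appear.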
