We currently have a ASA5520 with the "SSM 4GE" card in the expansion slot. This gives us 4 extra GibabitEthernet ports.
At the moment there are 5 connections going into the firewall. They are Inside LAN, DMZ LAN , OutsideWAN1, OutsideWAN2, OutsideWAN3. The Outside WAN1,2,3 are 3 WAN connections for 3 different ISPs. Now we have got an IPS card "SSM 20". There is only one expansion slot so we have to remove the "SSM 4GE" to make space for the new card. There are four onboard ports on the device but we have 5 connections. To get around this can we put all the WAN connections into a switch and then into one port on the 5520 and then use vlans ? How many vlans can we put on the one port on the 5520 ? Also is it possible to do route failover should one of the WAN lines go down ? Is this still done with floating static routes , or is there a better way to do it ? On the specification sheet it says a maximum of 150 vlans for the device , does this mean that the same 150 vlans can be applied to each port ? Would you have any links to similar configuration set up ? Many thanks for your help with this ?
Sorry to hear the port limitation of the ASA has bit you too.
Your only solution is to trunk multiple vlans out of your ASA into a switch. I would worry about bandwidth contention between the vlans on a singles interface (but they're GigE and you're talking about WAN speeds) more than number of vlans (do you really need more the 150 per firewall?)
Your routing and ASA specific questions might be better answered by the firewall forum.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :