Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5510: Enabling a second DMZ


I?ve just bought an ASA5510-AIP10-K9

(ASA 5510 Appliance with AIP-SSM-10, SW, 3FE, 3DES/AES) to implement perimeter security. I planned to use only 1 DMZ but things have changed, and now I need to implement a second DMZ. The ASA-5510 has 4 ports in-built but in mine only 3 are available. How can I enable the fourth port (2nd DMZ)? Someone told me about a license, but I don?t find info about it. Please help me.

New Member

Re: ASA 5510: Enabling a second DMZ

you could just put a switch or hub off of that port you are using as the DMZ and its treated just like it's own network that you can limit what data goes in and out it.

Or if you need 2 different DMZ's for some reason just treat another port of it as a seperate network and make some access-lists to restrict traffic

New Member

Re: ASA 5510: Enabling a second DMZ

I do not believe you can change that. The 5510 only has the three interfaces even though there are 4 physical ones. This is a model limitation, not a licensing issue.

You can, however, get around this by trunking that third port down to a switch and creating two DMZ's sharing one interface. So, on the switch that the DMZ port is plugged into, do the following.

1. Create 2 VLAN's (1 for each DMZ)

2. Configure teh port that the DMZ port is plugged into to be a trunk port with those two VLAN's.

On the ASA do the following. Create two interfaces and map them to the two VLAN's being trunked to from the switch. You will know have 2 DMZ's sharing the same interface...

If you require more information, check out trunking in the configuration guide for the OS level you are using.

CreatePlease login to create content