Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA-5505 VLAN Licensing Question

I have a new ASA-5505 Bun-K9 license. Does this allow 3 vlan's unrestricted traffic flow or do I need a Secure License to obtain full functionallity on all 3 vlan's?

Best Regards

7 REPLIES
Hall of Fame Super Silver

Re: ASA-5505 VLAN Licensing Question

Jose

I do not have access to a 5505 right now to check it. But my memory is that the standard license on the 5505 puts some restriction on the use the the third VLAN. To get unrestricted functionality on all 3 VLANs I believe that you need the upgraded license.

HTH

Rick

New Member

Re: ASA-5505 VLAN Licensing Question

Thanks Rick, I did some late reading last night and found that the 5505 can configure all 3 vlans but the DMZ cannot initiate any connection. The initiation must come from either the inside or outside vlan's........

Any idea on how to do port forwarding with this thing?

Best Regards

Hall of Fame Super Silver

Re: ASA-5505 VLAN Licensing Question

Jose

Your finding is consistent with what I remembered. I recently configured port forwarding on an ASA5505. I configured it basically as:

static (inside,outside) tcp interface

which establishes a static translation (port forwarding) from the port# on the outside interface to port# on the inside interface. The thing that surprised me about this is that it worked when I specified the keyword "interface" but not when I specified the address of the interface.

HTH

Rick

New Member

Re: ASA-5505 VLAN Licensing Question

Rick

That's interesting I'm going to have to do some reading on the interface parameter for the static command. I' let you know what I find?

Regards

New Member

Re: ASA-5505 VLAN Licensing Question

Here's what I found out:

Uses the interface IP address as the mapped address. Use this keyword if you want

to use the interface address, but the address is dynamically assigned using DHCP.

Maybe the address lease had expired?

New Member

Re: ASA-5505 VLAN Licensing Question

I for got to add this note:

Note You must use the interface keyword instead of specifying the actual IP

address when you want to include the IP address of an interface in a static

PAT entry.

Hall of Fame Super Silver

Re: ASA-5505 VLAN Licensing Question

Jose

This note explains the behavior that I described in my response. If you do port forwarding where some packet is sent to the outside interface on some port number and you want to forward it to some host inside on some port number then you use the static command to set up a static PAT and you need to use the keywork interface instead of specifying the ip address of the interface.

HTH

Rick

308
Views
0
Helpful
7
Replies
CreatePlease login to create content