https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419718#M270457 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If I am not mistaken even though you have an Unlimited User licensed ASA5505 you still lack the additional Vlan support that the Security Plus License would provide.</P><P></P><P>Though with your current license you should be able to create 3 Vlan interfaces of which 2 would be normal Vlan interfaces and 1 a DMZ (resticted) Vlan interface.</P><P></P><P>If you have for example <STRONG>"inside"</STRONG> and <STRONG>"outside"</STRONG> interface currently and want to create a <STRONG>"dmz"</STRONG> interface then you would have to first create the 3rd Vlan interface and then choose towards which existing interface the connections should be disabled (this is because its a resticted Vlan interface)</P><P></P><P>Lets say you have Vlan2 for <STRONG>"outside"</STRONG> and Vlan1 for <STRONG>"inside"</STRONG> and create a new Vlan3 for <STRONG>"dmz"</STRONG> you would have to do this</P><P></P><P><STRONG>interface Vlan3</STRONG></P><P><STRONG> no forward interface Vlan1</STRONG></P><P><STRONG> nameif dmz</STRONG></P><P><STRONG> security-level 50</STRONG></P><P><STRONG> ip address <IP> <NETWORK mask=""></NETWORK></IP></STRONG></P><P></P><P>You can naturally confirm the Vlan support on the ASA currently with the command</P><P></P><P><STRONG>show version</STRONG></P><P></P><P>Hope this helps <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>- Jouni</P></BODY></HTML> Sun, 02 Feb 2014 13:43:02 GMT Jouni Forss 2014-02-02T13:43:02Z https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419717#M270455 <P>hi , i have asa 5505 firewall with ASA5505-UL-BUN-K9 license i have problem with DMZ. I am not able to create dmz. please suggest me what i need to do in order to be able to configure dmz. should i need to upgrade the license. please suggest.</P> Tue, 12 Mar 2019 03:39:15 GMT https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419717#M270455 Dawood Khan 2019-03-12T03:39:15Z https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419718#M270457 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If I am not mistaken even though you have an Unlimited User licensed ASA5505 you still lack the additional Vlan support that the Security Plus License would provide.</P><P></P><P>Though with your current license you should be able to create 3 Vlan interfaces of which 2 would be normal Vlan interfaces and 1 a DMZ (resticted) Vlan interface.</P><P></P><P>If you have for example <STRONG>"inside"</STRONG> and <STRONG>"outside"</STRONG> interface currently and want to create a <STRONG>"dmz"</STRONG> interface then you would have to first create the 3rd Vlan interface and then choose towards which existing interface the connections should be disabled (this is because its a resticted Vlan interface)</P><P></P><P>Lets say you have Vlan2 for <STRONG>"outside"</STRONG> and Vlan1 for <STRONG>"inside"</STRONG> and create a new Vlan3 for <STRONG>"dmz"</STRONG> you would have to do this</P><P></P><P><STRONG>interface Vlan3</STRONG></P><P><STRONG> no forward interface Vlan1</STRONG></P><P><STRONG> nameif dmz</STRONG></P><P><STRONG> security-level 50</STRONG></P><P><STRONG> ip address <IP> <NETWORK mask=""></NETWORK></IP></STRONG></P><P></P><P>You can naturally confirm the Vlan support on the ASA currently with the command</P><P></P><P><STRONG>show version</STRONG></P><P></P><P>Hope this helps <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>- Jouni</P></BODY></HTML> Sun, 02 Feb 2014 13:43:02 GMT https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419718#M270457 Jouni Forss 2014-02-02T13:43:02Z https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419719#M270459 <HTML><HEAD></HEAD><BODY><P>First of all thanks for your response. yes you are right i have ASA5505-UL-BUN-K9 license. if i buy ASA5505-SEC-BUN-K9 License than how many vlan it will provide.</P></BODY></HTML> Mon, 03 Feb 2014 05:59:51 GMT https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419719#M270459 Dawood Khan 2014-02-03T05:59:51Z https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419720#M270461 <HTML><HEAD></HEAD><BODY><P>Hello Dawood,</P><P></P><P>If you obtain the security Plus License you will be able to use up to 20 VLANs on your ASA Firewall having the DMZ Restricted advertisement fade away <SPAN __jive_emoticon_name="grin" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/grin.gif"></SPAN></P><P></P><P>I hope this answers your question, any other bring it on bud </P><P></P><P></P><P>Looking for some Networking Assistance?&nbsp; <BR /><SPAN>Contact me directly at </SPAN><A class="jive-link-email-small" href="mailto:jcarvaja@laguiadelnetworking.com">jcarvaja@laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR />I will fix your problem ASAP. <BR /> <BR />Cheers, <BR /> <BR />Julio Carvajal Segura <BR /><A class="jive-link-external-small" href="http://laguiadelnetworking.com">http://laguiadelnetworking.com</A></P></BODY></HTML> Mon, 03 Feb 2014 06:17:09 GMT https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419720#M270461 Julio Carvajal 2014-02-03T06:17:09Z https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419721#M270462 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Is the currently licensed firewall something that you have had for sometime or is it a new purchase?</P><P></P><P>Just wondering as it would seem unreasonable to just have bought something and then having to get a new license. Just wondering if you can somehow avoid spending extra money if this is a new purchase that wasnt what you were actually looking for.</P><P></P><P>You can check this link for the differnent options the ASA5505 has</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html">http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html</A></P><P></P><P>You can also check this link for all the available licensed options on the ASA5505</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa91/license/license_management/license.html#wp2124788">http://www.cisco.com/en/US/docs/security/asa/asa91/license/license_management/license.html#wp2124788</A></P><P></P><P>This link contains also information on the ASA models</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf">http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf</A></P><P></P><P>So essentially you would get 20 Vlan interfaces instead of 3 and also support for Trunking which would let you use a single physical link for several Vlans (if you wanted that is)</P><P></P><P>Hope this helps <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>- Jouni</P></BODY></HTML> Mon, 03 Feb 2014 07:16:41 GMT https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419721#M270462 Jouni Forss 2014-02-03T07:16:41Z https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419722#M270463 <HTML><HEAD></HEAD><BODY><P>thanks</P></BODY></HTML> Tue, 04 Feb 2014 05:39:59 GMT https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419722#M270463 Dawood Khan 2014-02-04T05:39:59Z https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419723#M270464 <HTML><HEAD></HEAD><BODY><P>thanks</P></BODY></HTML> Tue, 04 Feb 2014 05:40:11 GMT https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419723#M270464 Dawood Khan 2014-02-04T05:40:11Z https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419724#M270465 <HTML><HEAD></HEAD><BODY><P>Hello Dawood,</P><P></P><P>My pleasure.</P><P></P><P>Do u have any other question? Otherwise u can mark Jouni's and my answers as valid.</P><P></P><P></P><P>Looking for some Networking Assistance?&nbsp; <BR /><SPAN>Contact me directly at </SPAN><A class="jive-link-email-small" href="mailto:jcarvaja@laguiadelnetworking.com">jcarvaja@laguiadelnetworking.com</A><SPAN> </SPAN><BR /> <BR />I will fix your problem ASAP. <BR /> <BR />Cheers, <BR /> <BR />Julio Carvajal Segura <BR /><A class="jive-link-external-small" href="http://laguiadelnetworking.com">http://laguiadelnetworking.com</A></P></BODY></HTML> Tue, 04 Feb 2014 05:59:19 GMT https://community.cisco.com/t5/network-security/dmz-issues-in-asa-5505-firewall/m-p/2419724#M270465 Julio Carvajal 2014-02-04T05:59:19Z