12-29-2011 07:59 AM - edited 03-11-2019 03:08 PM
I'm tring to setup a DMZ for a guest wireless off of a 5505.
So this device has a base license. It has vlan1 and vlan 2 for inside and outside.
Another vlan is configured to be a failover for the currently active wan connection. It is using the "no forward interface" command.
Can I add another vlan as a DMZ if I use the "no forward interface" command?
I see the following in Cisco Documentation:
"If you already have two VLAN interfaces configured with a
nameif
command, be sure to enter the
no forward interface
command before the
nameif
command on the third interface; the adaptive security appliance does not allow three fully functioning VLAN interfaces with the Base license on the ASA 5505 adaptive security appliance."
This is what is currently configured:
interface Vlan1
nameif inside
security-level 100
allow-ssc-mgmt
ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address
!
interface Vlan12
no forward interface Vlan2
nameif failover
security-level 0
ip address
I'd like to add the following:
interface vlan3
nameif guestdmz
no forward interface Vlan1
secuirty level 100
ip address 192.168.1.0 255.255.255.0
Solved! Go to Solution.
12-29-2011 08:14 AM
Hello Robert,
No, that would no be possible as you have a base license with supports only two interfaces and one restricted interface (in your case is being used for the failover).
You will need to go for the plus license!!
Do rate helpful posts,
Julio
12-29-2011 08:14 AM
Hello Robert,
No, that would no be possible as you have a base license with supports only two interfaces and one restricted interface (in your case is being used for the failover).
You will need to go for the plus license!!
Do rate helpful posts,
Julio
12-29-2011 08:16 AM
That's exactly what I was afraid of.
12-29-2011 09:39 AM
Hello Robert,
Yes, that is one license limitation on the ASA 5505.
Let me know if you have any other question if not please mark the question as answered.
I will be more than glad to help.
Regards,
Julio
12-29-2011 09:44 AM
Done, thanks for your help.
On Thu, Dec 29, 2011 at 12:39 PM, jcarvaja <
12-29-2011 05:13 PM
Hello Robert,
Thank you very much for the rating.
Regards,
Julio
04-25-2012 07:22 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: