09-28-2012 12:45 AM - edited 03-11-2019 05:00 PM
Hi,
I have a question about Cisco ASA 5505 firewall.
We need 3 interfaces on the firewall, "inbound", "outbound" and "DMZ", to control traffic between these zones.
Can we do this with the Cisco ASA 5505 50-user bundle, or do we need to purchase the Cisco ASA 5505 Security Plus bundle to get the DMZ zone working?
Best regards,
Pertti
09-28-2012 01:02 AM
Yes you can do that with ASA 5505 (base license), you don't need the security plus license for 3 interfaces.
However, one of the interfaces (e.g. dmz) can't initiate a connection to the inside zone (only to the internet).
Here is a diagram representation for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/intrface.html#wp1099376
In the diagram, business would be your inside interface, and home would be your dmz interface. Business/inside can initiate connections to both internet/outside and home/dmz. However, home/dmz can only initiate connections to internet/outside, not business/inside.
Hope that answers your question.
09-28-2012 02:07 AM
Thanks Jennifer, your answer is great,
It also brings up an important thing concerning the traffic we need to implement between the DMZ (home) and Inside networks:
We have, e.g., a server in the DMZ (home) zone that needs to make queries from a database on a server located in the Inside zone, and deliver the queries outside to the Internet (through outbound).
For this reason we would need the Security Plus licence anyway, if I understood right?
Best regards,
Pertti
09-28-2012 02:43 AM
Hello Pertti,
You are right. If you want the communication from DMZ back to inside, yes, you do need a Sec Plus license.
regards
Harish.
09-28-2012 02:50 AM
Hello Harish,
thanks for the confirmation.
Best regards.
Pertti