Hi, I have an ASA 5505 firewall with the ASA5505-UL-BUN-K9 license and I have a problem with the DMZ. I am not able to create a DMZ. Please suggest what I need to do in order to be able to configure a DMZ. Do I need to upgrade the license? Please suggest.
If I am not mistaken even though you have an Unlimited User licensed ASA5505 you still lack the additional Vlan support that the Security Plus License would provide.
Though with your current license you should be able to create 3 Vlan interfaces, of which 2 would be normal Vlan interfaces and 1 a DMZ (restricted) Vlan interface.
If you have for example "inside" and "outside" interfaces currently and want to create a "dmz" interface, then you would have to first create the 3rd Vlan interface and then choose towards which existing interface the connections should be disabled (this is because it's a restricted Vlan interface).
Let's say you have Vlan2 for "outside" and Vlan1 for "inside" and create a new Vlan3 for "dmz"; you would have to do this:
no forward interface Vlan1
You can naturally confirm the Vlan support on the ASA currently with the command
Hope this helps
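Added example, not part of the original post: a sketch of the restricted third VLAN described above, using the thread's Vlan1 "inside" and Vlan3 "dmz". The IP address, security level and physical port Ethernet0/2 are assumptions chosen for illustration.

```cisco
! Constructed example: address, security level and port are placeholders.
! On the Base license the restriction must be entered before nameif,
! otherwise the ASA refuses to name a third VLAN interface.
interface Vlan3
 ! Block traffic initiated from Vlan3 (dmz) towards Vlan1 (inside)
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.3.1 255.255.255.0
!
! Put one switch port into the new VLAN (port number is an assumption)
interface Ethernet0/2
 switchport access vlan 3
 no shutdown
```

With this in place, hosts in the dmz cannot initiate connections to the inside network, while inside hosts can still reach the dmz and the dmz can still reach the outside, subject to the usual security-level and access-list rules.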
First of all, thanks for your response. Yes, you are right, I have the ASA5505-UL-BUN-K9 license. If I buy the ASA5505-SEC-BUN-K9 license, then how many VLANs will it provide?
If you obtain the Security Plus License you will be able to use up to 20 VLANs on your ASA Firewall, having the DMZ Restricted advertisement fade away.
I hope this answers your question, any other bring it on bud
Do you have any other questions? Otherwise you can mark Jouni's and my answers as valid.
Is the currently licensed firewall something that you have had for some time or is it a new purchase?
Just wondering, as it would seem unreasonable to have just bought something and then have to get a new license. Just wondering if you can somehow avoid spending extra money if this is a new purchase that wasn't what you were actually looking for.
You can check this link for the different options the ASA5505 has
You can also check this link for all the available licensed options on the ASA5505
This link also contains information on the ASA models
So essentially you would get 20 Vlan interfaces instead of 3 and also support for Trunking, which would let you use a single physical link for several Vlans (if you wanted that, that is).
Hope this helps