Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2216
Views
5
Helpful
6
Replies

Adding a DMZ on ASA 5505 with Base License

Go to solution
robdinan1
Level 1
Level 1

‎12-29-2011 07:59 AM - edited ‎03-11-2019 03:08 PM

I'm tring to setup a DMZ for a guest wireless off of a 5505. 

So this device has a base license.  It has vlan1 and vlan 2 for inside and outside.

Another vlan is configured to be a failover for the currently active wan connection.  It is using the "no forward interface" command.

Can I add another vlan as a DMZ if I use the "no forward interface" command?

I see the following in Cisco Documentation:

"If you already have two VLAN interfaces configured with a

nameif

command, be sure to enter the

no forward interface

command before the

nameif

command on the third interface; the adaptive security appliance does not allow three fully functioning VLAN interfaces with the Base license on the ASA 5505 adaptive security appliance."

This is what is currently configured:

interface Vlan1

nameif inside

security-level 100

allow-ssc-mgmt

ip address 192.168.10.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address

!

interface Vlan12

no forward interface Vlan2

nameif failover

security-level 0

ip address

I'd like to add the following:

interface vlan3

nameif guestdmz

no forward interface Vlan1

secuirty level 100

ip address 192.168.1.0 255.255.255.0

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎12-29-2011 08:14 AM

Hello Robert,

No, that would no be possible as you have a base license with supports only two interfaces and one restricted interface (in your case is being used for the failover).

You will need to go for the plus license!!

Do rate helpful posts,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

6 Replies 6

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎12-29-2011 08:14 AM

Hello Robert,

No, that would no be possible as you have a base license with supports only two interfaces and one restricted interface (in your case is being used for the failover).

You will need to go for the plus license!!

Do rate helpful posts,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
robdinan1
Level 1
Level 1
In response to Julio Carvajal

‎12-29-2011 08:16 AM

That's exactly what I was afraid of.

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to robdinan1

‎12-29-2011 09:39 AM

Hello Robert,

Yes, that is one license limitation on the ASA 5505.

Let me know if you have any other question if not please mark the question as answered.

I will be more than glad to help.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
robdinan1
Level 1
Level 1
In response to Julio Carvajal

‎12-29-2011 09:44 AM

Done, thanks for your help.

On Thu, Dec 29, 2011 at 12:39 PM, jcarvaja <

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to robdinan1

‎12-29-2011 05:13 PM

Hello Robert,

Thank you very much for the rating.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card