08-04-2009 02:48 AM - edited 03-11-2019 09:02 AM
Hi,
I'm trying to activate the DMZ interface on a restricted license ASA 5505 but I get an error when I try to ADD the interface. The message says "With the current license device will only supports 2 fully functional interfaces. Third interface can be added,but the traffic from this interface to another interface need to be blocked. Please make appropriate selection in advanced tab." I gather that I have to define the limitation myself? The problem is that I can't access the advanced tab because of the error. Can I do something via CLI to get through? I'm using ASA 8.2 and ASDM 6.2.
Thanks, Joe
08-04-2009 06:46 AM
from the CLI, on the vlan interface config of the dmz interface you need to add the following config:
interface Vlan3
no forward interface vlan X
...where X is the number of the VLAN that your DMZ will *NOT* be talking to.
08-04-2009 06:26 AM
If you need more than 2 interfaces, you should go to the Sec-plus license.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html#wp1056883
Cheers
08-04-2009 06:54 AM
Yeah, I know. I'm trying to save the 450 euros...
Anyway, it's not totally true: the 5505 can use a DMZ but with restricted access. I don't know how to activate the third interface via ASDM, but then I got it up via the following CLI command I found in a forum on the Internet:
interface vlan3
no forward interface vlan1
nameif dmz
security-level 50
ip address 192.168.1.1 255.255.255.0
Automagically, when I accessed the ASDM, I found a new column in the Interfaces tab named "restrict traffic flow" (at least I believe it wasn't there before!). I can't send traffic from the DMZ to the internal network, but it's not essential for me. I'm happy now.
Cheers, Joe
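An offline check for the restriction discussed in this thread, added here as an example and not part of any post or of Cisco's tooling: it parses a saved configuration and reports which VLAN interfaces carry a `no forward interface` restriction. The function names and the sample config are constructed; the limit of 2 fully functional interfaces is taken from the error message quoted in the first post.

```python
import re

# Constructed sample in "show running-config" style, built from the commands
# quoted in the thread; the Vlan1/Vlan2 stanzas are assumed for illustration.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.1.1 255.255.255.0
!
"""

def parse_vlans(config):
    """Map VLAN id -> {'nameif': name or None, 'no_forward': [vlan ids]}."""
    vlans, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "!" or line.lower().startswith("interface"):
            current = None  # "!" or a new interface line closes the stanza
            m = re.fullmatch(r"interface\s+vlan\s*(\d+)", line, re.I)
            if m:
                current = vlans.setdefault(
                    int(m.group(1)), {"nameif": None, "no_forward": []})
        elif current is not None:
            m = re.fullmatch(r"no\s+forward\s+interface\s+vlan\s*(\d+)", line, re.I)
            if m:
                current["no_forward"].append(int(m.group(1)))
            m = re.fullmatch(r"nameif\s+(\S+)", line, re.I)
            if m:
                current["nameif"] = m.group(1)
    return vlans

def audit(config, full_interfaces=2):
    """'blocked' pairs are (source, destination the source may not reach)."""
    named = {v: d for v, d in parse_vlans(config).items() if d["nameif"]}
    blocked = [(d["nameif"], named[t]["nameif"] if t in named else f"Vlan{t}")
               for d in named.values() for t in d["no_forward"]]
    unrestricted = sorted(d["nameif"] for d in named.values() if not d["no_forward"])
    return {"blocked": blocked, "unrestricted": unrestricted,
            "ok": len(unrestricted) <= full_interfaces}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The parser also accepts unindented commands as typed in the posts above, since a stanza is closed only by `!` or the next `interface` line.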
05-08-2013 04:22 AM
Thanks Joe. It helped me!!