Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1876
Views
4
Helpful
4
Replies

Cisco ASA 5505 50-user bundle or Cisco ASA 5505 Security Plus bundle

Pertti.Ylajarvi
Level 1
Level 1

‎09-28-2012 12:45 AM - edited ‎03-11-2019 05:00 PM

Hi,

I have a question about Cisco ASA 5505 firewall.

We need 3 interfaces on the firewall ,  "inbound", "outbound" and "DMZ" ,  to control traffic between these zones.   

Can we do this with  Cisco ASA 5505 50-user bundle , or do we need  to purchase Cisco ASA 5505 Security Plus bundle to get the DMZ zone  working  

Best regards,

Pertti

Labels:
0 Helpful
4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

‎09-28-2012 01:02 AM

Yes you can do that with ASA 5505 (base license), you don't need the security plus license for 3 interfaces.

However, one of the interface (eg: dmz) can't initiate a connection to the inside zone (only to the internet).

Here is a diagram representation for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/intrface.html#wp1099376

In the diagram, business would be your inside interface, and home would be your dmz interface. Business/inside can initiate connection to both internet/outside and home/dmz. However, home/dmz can only initiate connection to internet/outside, not business/inside.

Hope that answers your question.

Pertti.Ylajarvi
Level 1
Level 1
In response to Jennifer Halim

‎09-28-2012 02:07 AM

Thanks Jennifer, your answer is great,

It brings up also an important thing concerning the traffic we need to implement between DMZ (home) amd Inside networks:

we have a e.g server in DMZ (home) zone that needs to make queries from a database on a server located in Inside zone, and deliver the queries ouside to the Internet (through outbound).

For this reason we would need the Security Plus licence anyway, If understood right ?

Best regards,

Pertti

0 Helpful

Harish Balakrishnan
Spotlight
Spotlight
In response to Pertti.Ylajarvi

‎09-28-2012 02:43 AM

Hello Pertti,

You are right. If you want the communication from DMZ back to inside, yes you do need a sec plus license

regards

Harish.

0 Helpful

Pertti.Ylajarvi
Level 1
Level 1
In response to Harish Balakrishnan

‎09-28-2012 02:50 AM

Hello Harish,

thanks for the confirmation.

Best regards.

Pertti

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card