11-21-2016 02:17 AM - edited 03-12-2019 01:33 AM
hello ladies and gentelmen,
i hope you can help me. have a little tricky situation. so, i have an ASA 5515 firewall with security Plus license. it supports only 100 VLANS and i need more. is there a way around to overcome this hurdle without incorporate more 5515 ASAs.
best regards
Majdy
11-21-2016 08:57 AM
No possibility, so far that I know.
Any way to have less segments in vlans?!
For example.
Dmz-office1 | dmz-office2 ...to be collected in dmz-office.
In particularly if the offices are similar for the point of view of policy!
If not... is alway one workaround to have:
dmz-office1 dmz-office2 == dmz-office
access-list office permit ip office1 inside
access-list office deny ip office2 inside
access-list office permit any any
access-group office interface office
...in this way yes... you have "less clean design", but if you can't upgrade ASA..... would be the only solution.
Please rate in case of you found this thread good!
11-22-2016 11:47 PM
thx for the reply. until now upgrading oder more ASAs is the solution. less segments is nicht doable in my enviroment. now testing vrf. maybe VRF can help with this? minimizing vlans number for ASA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide