No possibility, so far that I

majdy · ‎11-21-2016

hello ladies and gentelmen,

i hope you can help me. have a little tricky situation. so, i have an ASA 5515 firewall with security Plus license. it supports only 100 VLANS and i need more. is there a way around to overcome this hurdle without incorporate more 5515 ASAs.

best regards

Majdy

teatrodelsogno · ‎11-21-2016

No possibility, so far that I know.

Any way to have less segments in vlans?!

For example.

Dmz-office1 | dmz-office2 ...to be collected in dmz-office.

In particularly if the offices are similar for the point of view of policy!

If not... is alway one workaround to have:

dmz-office1 dmz-office2 == dmz-office

access-list office permit ip office1 inside

access-list office deny ip office2 inside

access-list office permit any any

access-group office interface office

...in this way yes... you have "less clean design", but if you can't upgrade ASA..... would be the only solution.

Please rate in case of you found this thread good!

majdy · ‎11-22-2016

thx for the reply. until now upgrading oder more ASAs is the solution. less segments is nicht doable in my enviroment. now testing vrf. maybe VRF can help with this? minimizing vlans number for ASA.

. getting more vlans on ASA 5515