Cisco Firewall :: 5505 Licensing And VLANs

Oct 2, 2012

so I look up ASA5505 licensing and for VLAN support see: 3 (no trunking support)/20 (with trunking support)*
I need 3 VLANs...inside, outside, and DMZ..but when it is creating the third (DMZ) it says I am only allowed to have 2 VLANs and can only create the third if its set to not forward traffic. ?

View 1 Replies


Cisco Firewall :: Information About ASA 5505 Licensing?

Jan 3, 2013

I am in need of some information regarding licesnes on the ASA 5505.I have a client who is connecting their main office to a DR site via a site-to-site VPN. I understand that the standard license for the ASA 5505 is for 10 clients.Does the site-to-site connection consume one of these licenses?Does each endpoint communicating over the site-to-site VPN consume one license also?For example, if I have the site-to-site VPN and 10 servers on each side, would that mean that I need 21 licenses; 1 for the VPN and 20 for each server on each side?

View 4 Replies View Related

Cisco Firewall :: 5505 / 5585 - Licensing Change On ASAs

Jan 16, 2013

I just learned that the licensing structure for the ASAs is changing, but I don't have any details. We have roughly 30 ASAs (from 5505s to 5585s).  If there's a licensing change, I need to do an impact assessment and plan accordingly. 

View 5 Replies View Related

Cisco Firewall :: ASA 5505 - Ping Between Two VLANs?

May 24, 2012

i am trying to get my ASA 5505 with 2 internal VLANs (voice and data) and external internet VLAN to run in router as a stick, and route between VLANS.
I cant get it working though:


View 4 Replies View Related

Cisco Firewall :: Routing Between VLans On ASA 5505?

Dec 5, 2012

I have an ASA 5505 and I have the three regular vlans, outside, inside and dmz. The best would be only have outside and inside and skip dmz, but without explenation there is not possible to have more then two clients in whats now dmz because of a mac filter on third party device.
So as security is concerned dmz and inside is equal, one to one and there should be full access between them. I ran the wizard and said that the only way traffic not should be possible to flow is from dmz to outside.
In the NAT rules the onle rule is
global (outside) 1 interface
nat (inside) 1
But traffic from one way or the other dmz to inside, og inside to dmz it says in log
3Dec 06 201215:38:39305006172.17.6.1053portmap translation creation failed for udp src inside: dst dmz:  From documentation I have an image with network drawing from documentation. What do I have to do allow traffic btween inside and dmz, both ways.

View 3 Replies View Related

Cisco Firewall :: NAT With Inside / DMZ VLANs On ASA 5505 V8.4(2)?

Sep 16, 2012

I have a 5505 with Base license running ASA software v8.4(2) that has been working happily for a while with an inside and an outside VLAN.
The outside has a single statically configured public IP, and I have a number of static NAT rules to expose a few internal servers as well as Dynamic-NAT for all devices on inside to gain access to the Internet... the main bits of the config are below:
interface Vlan1
nameif inside
security-level 100
ip address
interface Vlan2


I now have a requirement to add a "dmz" VLAN for guests to have access to the Internet using a dedicated wireless AP, but not to any of the inside resources. As the ASA has a base license I have configured "no forward interface" to the inside vlan, which suits the purpose fine
interface Vlan12
description Used only for guests access to the Internet - no access to the corporate resources
no forward interface Vlan1
nameif guests
security-level 20
ip address
My problem is that when I try to add NATing from the dmz to the outside I get a:
     ERROR: Address a.b.c.d overlaps with outside interface address.
     ERROR: NAT Policy is not downloaded
with either:
object network guests_subnet
nat (guests,outside) dynamic interface

Having had a look at the ASA Configuration guides, all the examples I can see with several "internal" VLAN's being NAT'ed use one external IP per VLAN - is this a feature/restriction of the ASA software? Are there any workarounds? Or is the overlap in the error message really about the current NATing to the inside VLAN which is done on the "any" subnet - would the following then work:
object network obj_any
nat (inside,outside) dynamic a.b.c.d
object network guests_subnet
nat (guests,outside) dynamic a.b.c.d

View 5 Replies View Related

Cisco Firewall :: Configuring VLANs In ASA 5505 Switch

Apr 19, 2011

I have 2 ASA 5505 firewalls and 1 cisco 3560 switch.
One ASA 5505 firewall and cisco 3560 switch located at SITE-A. Another ASA 5505 firewall located at SITE-B. 
Below is the my connectivity:
Site-A                                       IPSec VPN                                       Site-B
cisco 3560 <----------------------------> ASA 5505<------------------------------------------------------------------------------------> ASA 5505
I planned to create 5 vlans in my cisco 3560 switch. these 5 vlans needs to have internet and needs to access Site-B.
I will write on dafault route to firewall in my cisco 3560 switch. Is ASA 5505 supports this scenario??? If it is then how to configure ASA 5505 firewall.

View 4 Replies View Related

Cisco Firewall :: Can't Get Traffic Flowing Between VLANs On ASA 5505

Aug 20, 2012

I've got an ASA 5505 with the Security Plus license that I'm trying to configure.

So far I have setup NATing on two VLANs, one called 16jda (VLAN 16 - and one called 16jdc (VLAN 11 -

From each subnet I am able to connect to the internet, but I need these subnets to also be able to talk to each other.

I have each VLAN interface at security level 100 and enabled "same-security-traffic permit inter-interface", and I have setup static NAT mappings between the two subnets, but they still can't communicate.

When I try to ping there is no reply and the only log message is: 6     Aug 21 2012     09:00:54     302020     23336     0     Built inbound ICMP connection for faddr gaddr laddr

View 11 Replies View Related

Cisco Firewall :: 5505 - Route Traffic Between Two VLANs Through ASA

May 30, 2011

I have ASA 5505 Firewall with security plus license, I configured two V LAN 1 and V LAN 5 as my inside V LAN for different sub net, i need to route the traffic between this two V LAN's through ASA. I configured
int vlan 1
nameif inside
Security level 100
Ip address
[Code] .........

The problem is i am not able to ping other sub net, for ex my PC is in V LAN 1 not able to ping ... For troubleshoot i type debug icmp trace while pinging other subnet
ICMP echo request from to ID=512 seq=4608 len=32ICMP echo request from to ID=512 seq=4864 len=32ICMP echo request from to ID=512 seq=5120 len=32ICMP echo request from to ID=512 seq=5376 len=32

I turn off the firewall on my local machine.

View 10 Replies View Related

Cisco Firewall :: ASA 5505 Security License And Vlans Supported?

May 18, 2013

I am buying ASA 5505 with security  license. It says it can support 20 vlans does it support 20 vlans by allowing to create subinterfaces? As it has 8 physical ports only?

View 3 Replies View Related

Cisco Firewall :: ASA 5505 - All Traffic From Guest VLans To Always Go To Outside Interface

Mar 15, 2013

I have a ASA 5505 with the security plus license. I have 7 vlans, 2 are guest vlans for wireless and wired connections.  I am allowing traffic from the guest vlans to any with the http & https protocols I have ACL's in place before the allow all rule that do not allowed traffic from the guest vlans to the other vlans. Is there any way to have all traffic from the guest vlans to always go to the outside interface for the http & https traffic in stead of trying to go to the other vlans first, I know I have the ACL's in place to prevent the traffic but if I would feel better if I had this in place as well.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Vlans Routing & Access-list?

Jan 4, 2012

ASA 5505 vlans routing & access-list?

View 4 Replies View Related

Cisco Firewall :: Multiple WAN IPs Routed To Separate Internal VLANs On ASA 5505

May 25, 2011

I have an ASA 5505 with the security plus software and I'm trying to find out how to assign 2 public IPs to the outside interface and have each IP routed to a separate internal VLAN. For example, IP 1 = X.X.X.1 routed to and IP 2 X.X.X.2 routed to I was told this was possible and I've been trying to find configuration examples, but I can't seem to get anywhere and now I'm getting desperate because I'm scheduled to install it this weekend.

View 1 Replies View Related

Cisco Firewall :: ASA 5500X - Next Generation Firewall - Cluster Licensing

Apr 26, 2013

I'm working on a BoM for a customer and i need to offer an ASA5525-X pair in HA with AVC and WSE subscritption, I've two question:
1) In order to use AVC and WSE I need the ASA bundle that includes the SSD HD right? (ASA5525-SSD120-K9)

2) In order to have both ASA's in HA, do i need to order two Suscriptions (ASA5525-AW3Y-PR) or only one that is "shared" in the cluster?

View 1 Replies View Related

Cisco Firewall :: To Deploy ASA5585 In Between User Vlans And Server Vlans

Jun 1, 2012

WE have to deploy ASA5585 in between User vlans & server vlans. we have to find all the ports that needs to be opened on firewall. any tools to do same.

View 2 Replies View Related

Cisco Firewall :: Pix 501 Licensing With Asa5510

Dec 5, 2012

I bought a Cisco ASA 5510 (P/N: ASA5510-BUN-K9) and i would like to know if i have to buy some license,What i mean is, for the basics, it still being necessary aquire some license?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 Licensing With HA And SSL

Jan 9, 2013

we have a customer with 2 x ASA5510-SEC-BUN-K9 running in an active/active HA mode. On the primary ASA he has 25 SSL premium licenses, but on the secondary ASA he has only 10 SSL licenses. Is there a need that both ASA´s has the same kind of licenses?

View 5 Replies View Related

Cisco Firewall :: ASA 5585-X Licensing

May 6, 2012

I have registered the license purchased for the ASA 5585X appliances and have received the following listed as features.
> Failover : Enabled > Encryption-DES : Enabled > Encryption-3DES-AES : Enabled > Security Contexts : 20 > GTP/GPRS : Disabled > AnyConnect Premium Peers : Default > Other VPN Peers : Default > Advanced Endpoint Assessment : Disabled > AnyConnect for Mobile : Disabled > AnyConnect for Cisco VPN Phone : Disabled > Shared License : Disabled > UC Phone Proxy Sessions : Default > Total UC Proxy Sessions : Default > AnyConnect Essentials : Disabled > Botnet Traffic Filter : Disabled > Intercompany Media Engine : Disabled > 10GE I/O Plus : Disabled(code)

View 4 Replies View Related

Cisco Firewall :: 5510 ASA Failover Licensing?

Feb 28, 2011

I have a customer who has purchased a Cisco 5510 and after we received it and all the necessary VPN, 3DES etc. licensing for it, then informed us that they order 2 T1 lines so they can have Internet failover.
My question is: Does this require an additional specialized license from Cisco in order to enable and configure it?  And if so, what that part number is?

View 2 Replies View Related

Cisco Firewall :: BOM Product Licensing Of 5500 ASA

Aug 27, 2011

I am pretty new to cisco and the learning community forums is truely one of a  kind.Actually, I work on a company which deals the Cisco products, Routers/Firewalls/Switches and stuffs. I am sure you get the picture. What confuses me is the product licensing of ASA5500. To be more specific, we are proposing certain things. And that came with the product pricing sets and all. But I amn't having a clear picture on ASA 5500 Strong Encryption License (3DES/AES). Does that come inbuilt(free) or should there be any pricing behind that!?

View 5 Replies View Related

Cisco Firewall :: ASA 5585 Multiple Context Licensing

Apr 27, 2011

I am looking to deploy a cloud/borderless network solution and cannot get my head around how the licenses (AnyConnect Mobile and essentials) will be applied in a multiple context deployment. Any correct documentation.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 High Availability Licensing

Mar 20, 2011

A customer is currently running a 5520 ASA pair in active/standby HA mode. The devices also have an IPS module, one of them using a temporary (60-day) license.  So, right now, licensing is identical on both ASAs and HA is operational.
The question is what exactly will happen after 60 days, once the temporary license expires?  Does HA shutdown completely once it's determined that the licensing isn't a 100% match any longer, or does it just cripple one feature (such as the IPS module)?
The customer is balking at purchasing SMARTnet for the 2nd ASA, so I need to explain exactly what is going to happen (if anything) once the license on the 2nd ASA drops off...

View 4 Replies View Related

Cisco Firewall :: ASA5500 - AnyConnect Vs IPsec VPN Client Licensing

Sep 19, 2011

I was wondering if  it is needed to license the IPsec VPN clients in the ASA5500 firewalls...I know that you have license the SSL VPN peers (AnyConnect). I am almost sure that for the IPsec you don't have to.

View 1 Replies View Related

Cisco Security :: ASA 5505 Security Plus Licensing?

May 24, 2011

I have a ASA 5505 that I test with which originally came with the Security Plus license. I recently erased flash and loaded the latest asa841-k8.bin version of IOS along with asdm-642.bin. Everything booted fine and came up as it does when freshly wiped however I noticed that i was now only running a base license. If I issue the sh activiation-key command, I noticed the following messages (full output is at the bottom):
The Running Activation Key is not valid, using default setting
This platform has a Base license.
Failed to retrieve flash permanent activation key

 Did I somehow kill my Security Plus licensing when I did the erase flash? If so how do I recover it? 
ciscoasa# sh activation-key
Serial Number:  JMXXXXXXHU
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000

The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 3              DMZ Restricted
Dual ISPs                         : Disabled       perpetual
VLAN Trunk Ports                  : 0              perpetual


 This platform has a Base license.Failed to retrieve flash permanent activation key.The flash permanent activation key is the SAME as the running permanent key.

View 2 Replies View Related

Cisco :: Connecting Two VLANs Via An ASA 5505?

Mar 20, 2013

routing between VLANs on my ASA 5505. I am very technical system wise, but my knowledge of routing and switching is very shallow.

What I am trying to accomplish: Small lab environment with basic services split onto two seperate VLANs (such that DHCP would need a relay on the second VLAN to deliver leases). No external network connection as of right now (so no Internet).

My current configuration:
Cisco Catalyst 2960
As you can see below, the two VLANs I am trying to set up are vlan101 ( and vlan102 (

View 8 Replies View Related

Cisco VPN :: How Many VLans ASA 5505 Security Plus Support

Nov 18, 2011

i have asa 5505 adaptive security plus. and  i have only 3 vlans . outside , inside , DMZ it's working fine but i want to connect to my inside another private network,  or do  i need to buy License.and how i can activate the license key.

View 4 Replies View Related

Cisco Switching/Routing :: ASA 5505 - Port 80 Route Between Vlans

Apr 14, 2013

I have 2 Vlans with seperate networks and want to create a route between one server in vlan 465 to another server in vlan 436 via port 80.Vlan 465 has a ASA 5505 inside that IP address will be initiating the connection to address
-Vlan 465: server address
-Vlan 436: server address
However for extended security I would like to restrict the firewall opening to an IP to IP opening.

View 7 Replies View Related

Cisco Switching/Routing :: 3650 / 5505 / 1252 - Access Between VLANs

Dec 22, 2012

I have set up a scenario for a small business and have some questions about how to manage the access between the VLANs. Is there is a better / another way to do it. See the attached picture for the topology / info.
My question is:  
My switches is set up with x numbers of VLANs and a routed port (no switch port) to the ASA for internet connectivity. How is the best (or only??) way to manage the access between the VLANs?  Is it ACL's on the switch?
And by "managing access" I mean VLAN 50 (public WiFi) only have access to the internet, only management servers have access to management VLAN, Client VLAN only have RDP access to server VLAN and so on. Is there any way to do this in the ASA (or add another (gigabit) router to the topology)) or it the only way to have lots of ACL's on the switch itself? I have thought about "router on a stick", but then I imagine there will be a bottleneck between the switch and the ASA?  

(Equipment is 2 x 3650G, ASA5505, AP1252 - see attached file).         

View 3 Replies View Related

Cisco Firewall :: ASA 5510 / Multiple VLANs Behind Single Firewall Segment?

Feb 5, 2012

I need to create a firewalled segment that not only separates hosts from general population, but also from each other.  The solitary confinement of firewalled segments.I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible.  1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.s there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
VLAN 1 - hosts and 2 - hosts
Firewall DMZ Interface - 3 - hosts and 

This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.I'm working with an ASA 5510 running 8.2.4(4).

View 1 Replies View Related

Cisco Firewall :: Make Communication Between 2 Vlans On Firewall 5520 ASA 8.2

Jan 1, 2012

communication between 2 vlans.i have 2 vlans
Vlan 100
ip add
Vlan 200
ip add 
i want to make communication between 2 vlans on firewall 5520 ASA 8.2.

View 1 Replies View Related

Cisco Firewall :: Firewall Vlans On Catalyst 6500 By Using ASA

Aug 9, 2012

How to secure vlans on Catalyst 6500 by using Cisco ASA Firewalls?There are no free modules on Catalyst 6500 to install a FWSM module.What is the best configuration to secure vlans (~80 vlans) by using cisco ASA firewalls (context, hairpining...)?

View 1 Replies View Related

Cisco Firewall :: Configuring VLANs On 5515-X Is It Possible

Mar 29, 2013

I am trying to connect 2 VMWARE servers directly to my 5515-X firewall. [code]ASDM will not let me assign the same VLAN to both Gi0/2 and Gi0/3. I dont want to connect my VMWARE servers to a switch first (that just adds one more component that can fail).

View 4 Replies View Related

Cisco Firewall :: Create Vlans In ASA 5510?

Oct 25, 2011

I need to be able to create vlans in my ASA 5510.
I can'T find anywhere to do this.
I've tried the "routers command" I know, like vlan databse and it does'nt work
Is there a way to "enable" vlan on a ASA 5510 ?

View 3 Replies View Related

Copyrights 2005-15, All rights reserved