Cisco ASA 5505 Base license limitations

Discussion in 'Cisco' started by tbaker44, Oct 24, 2012.

  1. tbaker44


    Oct 24, 2012
    I have been attempting to get a straight answer from the CDW Cisco guys for two days now to no avail. I am hopeful that someone here can answer my question.

    I have an ASA 5505 and need to have 2 inside VLANS. One will be the business network and one will be a wireless guest network. These VLANS should never be able to pass traffic to one another but they do both need internet access. Is this possible out of the box with my hardware?

    The reason I am asking is due to the limitations of the third interface having to be configured with the no-forward command.

    tbaker44, Oct 24, 2012
  2. tbaker44


    Jun 28, 2008
    Yeah, it can be hard to get a straight answer on that question.

    Here's the deal, with the base license, you can really only have two layer-3 interfaces. The "restricted" DMZ vlan is pretty much useless. It cannot initiate traffic to the other VLANs. It can, however, respond to requests initiated from the other VLANs.

    So in short, the base license will not support what you want to accomplish.
    donjohnston, Nov 22, 2012
