Do I need a Security Plus license on my ASA for multiple external IP's?
I have a client who wants to upgrade from their basic license on their ASA 5505 so that they can have multiple External IP's.
I wasn't sure if this was necessary(cisco doesn't list anything like that in their side by side comparison). Can someone clarify?
I wasn't sure if this was necessary(cisco doesn't list anything like that in their side by side comparison). Can someone clarify?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Perhaps what the original question is asking is this:
Can the ASA 5505 be configured with an interface IP, and also proxy arp for additional IPs associated with Static statements. Ie., when you want to expose an internal web server, you create these:
static (inside,outside) outside_ip inside_ip netmask 255.255.255.255
access-list acl_outside_in permit tcp any host outside_ip eq www
The ASA will now accept connections on port 80 to the outside_ip, which is in the same subnet as the ASA outside interface IP, but the ASA translates the sessions to the internal IPs. Now an ASA is using multiple IPs on the outside interface. (note, you must have a subnet assigned to you from your ISP that you can use the addl addresses for these Static statements)
Can the ASA 5505 be configured with an interface IP, and also proxy arp for additional IPs associated with Static statements. Ie., when you want to expose an internal web server, you create these:
static (inside,outside) outside_ip inside_ip netmask 255.255.255.255
access-list acl_outside_in permit tcp any host outside_ip eq www
The ASA will now accept connections on port 80 to the outside_ip, which is in the same subnet as the ASA outside interface IP, but the ASA translates the sessions to the internal IPs. Now an ASA is using multiple IPs on the outside interface. (note, you must have a subnet assigned to you from your ISP that you can use the addl addresses for these Static statements)
If they are getting multiple IP addresses from the same ISP, then they do not need the upgrade.
If they are getting IP addresses from multiple ISP's, then yes, they need the upgrade.