Requirement to use sub interfaces on ASA 5520 Firewall in failover config

May 16th, 2007

Dear All,

I was recently involved in one of the ASA 5520 firewall installations. We ordered the 2 firewalls with a limited 4 ports to support the client's existing 7 networks. Now we have found a port shortage to support the said number of interfaces (7). I configured the firewalls in LAN failover using 1 port each from both firewalls. Now we have 3 ports in each firewall to support 7 networks (1 Internal, 1 Outside, 5 DMZs).

Could you please give a solution to configure the sub-interfaces to solve the issue? The client already bought the AIP-SSM for the free slot.

Thanks in Advance.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cpembleton Wed, 05/16/2007 - 05:53

If the DMZ interface is connected to a switch, create sub-interfaces and set up the switch port for dot1q trunking.

! Physical interface carries the 802.1Q trunk; it has no nameif, security level or IP address
interface GigabitEthernet0/3
 description DMZ Interface
 speed 100
 duplex full
 no nameif
 no security-level
 no ip address
 no shut
!
! One sub-interface per DMZ VLAN
interface GigabitEthernet0/3.20
 description DMZ Subnet 1
 vlan 20
 nameif DMZ1
 security-level 50
 ip address X.X.X.X X.X.X.X
!
interface GigabitEthernet0/3.30
 description DMZ Subnet 2
 vlan 30
 nameif DMZ2
 security-level 50
 ip address X.X.X.X X.X.X.X



Please rate if helpful!
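
The switch side of the dot1q trunk mentioned in the reply above, as an added example that is not part of the original thread. It assumes a Cisco IOS switch; the switch port numbers GigabitEthernet0/1 and 0/2 are hypothetical, and VLANs 20 and 30 are taken from the sub-interfaces in the reply.

```cisco
! Added example, not from the original thread. Assumes a Cisco IOS switch.
! Switch port numbers are hypothetical; VLAN IDs match the ASA sub-interfaces.
vlan 20
 name DMZ1
vlan 30
 name DMZ2
!
! Port facing GigabitEthernet0/3 on the primary ASA
interface GigabitEthernet0/1
 description Trunk to primary ASA Gi0/3 (DMZ)
 ! Encapsulation command is only needed on switches that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Static trunk: do not negotiate trunking with DTP
 switchport nonegotiate
 ! Carry only the DMZ VLANs the firewall has sub-interfaces for
 switchport trunk allowed vlan 20,30
 ! Match the speed and duplex hard-set on the ASA interface
 speed 100
 duplex full
 no shutdown
!
! Port facing GigabitEthernet0/3 on the secondary (failover) ASA:
! same trunk settings and same VLAN list as the primary
interface GigabitEthernet0/2
 description Trunk to secondary ASA Gi0/3 (DMZ)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 20,30
 speed 100
 duplex full
 no shutdown
```

Limiting the allowed VLAN list to 20 and 30 keeps other VLANs on the switch off the firewall trunk. The secondary unit needs an identical trunk so the DMZ sub-interfaces remain reachable after a failover.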
