I have to create 8 different VLANs and have only 2 interfaces left to play with.
So I am planning to subinterface the existing Gi interface and assign each subinterface to the VLANs.
I am wondering how I would create an access-list for each subinterface. Will the newly created subinterfaces be visible in ASDM under all interfaces?
Please let me know.
Chandru, as I said before, it all depends on what your requirements are between VLANs. If you want to have full ACL control between VLANs from a central point, then I would recommend using ASA subinterfaces and using the switch as a layer 2 device only.
I do not want to rule out the use of ACLs on the layer 3 switch, as it is also possible, but it all depends on how comfortable you are implementing ACLs to control traffic between VLANs from the switch itself and not the firewall.
If you use the switch for your inter-VLAN routing, IP communication between VLANs will be handled by the layer 3 switch and not the firewall. If your requirement is to have 8 VLANs, for example, and control the traffic between them by means of ACLs, have the firewall do the job; thus you will have a central point of access control list implementation and easy administration of ACLs from the ASA firewall.
As for NAT, go over this link carefully to understand the use of NO NAT or NAT control between interfaces or subinterfaces in ASA.
I think this link will give you a very good global picture with some examples of NATing.
I gave an example config, including a couple of links, to someone a few days ago on this. To answer your question: configure the subinterfaces in the CLI, it is much easier, and yes, you should be able to see the subinterfaces in ASDM. If you will be using different security levels on the subinterfaces, the access-list and NAT control will function the same way as you are used to with normal dedicated interfaces.
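
The setup discussed in this thread, sketched as an added example that is not from any of the posts above: two VLAN subinterfaces on one ASA physical port, each with its own inbound access-list. The interface number, VLAN IDs, names, addresses and the permitted service are all constructed assumptions, NAT is left out, and the switch port facing the ASA is assumed to be an 802.1Q trunk carrying these VLANs.

```cisco
! Constructed example: values below are placeholders, not from the thread.
! Physical port carries only tagged traffic, so it gets no name or address.
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per VLAN; each is a separate named interface to the ASA.
interface GigabitEthernet0/2.10
 vlan 10
 nameif vlan10
 security-level 60
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/2.20
 vlan 20
 nameif vlan20
 security-level 50
 ip address 192.168.20.1 255.255.255.0
!
! Inbound policy for VLAN 10: one HTTPS server in VLAN 20 is reachable,
! the rest of VLAN 20 is not, everything else is allowed out.
access-list vlan10_in extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.20.10 eq 443
access-list vlan10_in extended deny ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list vlan10_in extended permit ip 192.168.10.0 255.255.255.0 any
!
! Inbound policy for VLAN 20: no access to VLAN 10, everything else allowed.
access-list vlan20_in extended deny ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vlan20_in extended permit ip 192.168.20.0 255.255.255.0 any
!
! Bind each list to its subinterface by nameif, exactly as for a
! dedicated physical interface.
access-group vlan10_in in interface vlan10
access-group vlan20_in in interface vlan20
```

Once an access-group is applied inbound, only traffic the list permits is accepted on that subinterface (every list ends in an implicit deny), so the default higher-to-lower security-level allowance no longer applies there.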