05-22-2008 02:11 PM - edited 03-11-2019 05:48 AM
Hi all,
Does anybody know if the new ASA 5580 support the creation of VRF instances?
Regards!
05-23-2008 07:43 AM
interface GigabitEthernet x/x.y
= y being the VRF
nice and easy.
HTH.
08-04-2015 09:43 AM
that would be a sub-interface, which isn't the same as VRF.
Vicente,
I was trying to figure this out as well, and VRF doesn't seem to be supported on my asa5585 running 9.2 and ADSM7.4
08-04-2015 01:29 PM
Way to revive a 7-year old thread!
The 5580 (and all ASA models) only has a single routing table (aka RIB or Routing Information Base). It does not support Virtual Routing and Forwarding (VRF) instances.
The latest ASA 9.4 software (for the X series only - not the 5580) did just introduce policy-based routing. Still not anywhere near the same as VRFs but it may help some folks who need some routing flexibility.
08-05-2015 05:38 AM
Thanks for the quick response Marvin. I didn't see anything in the device documentation, but want to make sure I wasn't missing something. Time to think about updating to 9.4!
08-05-2015 06:33 AM
Just to add that there is always the option of contexts.
To be fair Andrew's original answer isn't that bad. You are right that a subinterface is not a VRF obviously but I have seen designs where the VRFs are terminated on separate interfaces or subinterfaces on the firewall and because a firewall by definition is a security device you can then control inter VRF communication statefully.
In fact in a lot of cases it is easier to do this than to have to mess around with route leaking between VRFs on a L3 device.
No criticism intended, just thought I'd mention it.
Jon
08-05-2015 06:36 AM
Good point Jon.
You're right of course - using interfaces or subinterfaces on an ASA to manage communications between distinct VRFs on adjacent devices may even be in one of the CVDs. I have seen it done that way in more than one large data center design.
Personally I dislike contexts unless they're needed for multi-tenancy. But that's just my early bad experiences with them. :)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: