Ok, I have read that before. It looks like to me I can use both the physical ports as before and Trunking/VLAN features.

What I need is this.

1)Use the physical NameIf itnerfaces on ASA for inside/outside/dmz1/failover. I realize that that will require setting up the Mgt interface as a "real interface" and not mgt interface. There is a tech note on doing that

2)Use the 5th port on the ASA with VLAN/Trunking to support Dmz2/Extranet interfaces via the 6500 switch.

There is still no example as to what the finished ASA config looks like here on the cisco site.

Typically cisco will have a config guide with diagrams, device configs and traffic flows.

Is this some hidden feature that Cisco doesn't want users to know about so they will purchase the 4port GigE card for the ASA that costs more than the 5510 itself? :)

Doug,

for number 1) and 2)

For above requirements do each requires to have its own physical interface? if so then you are leting pass trunking feature asa 7.x and above provides you could accomplish inside/outside/dmz1 off one interface with trunking. Use the management interface if you get security plus license and make it a routed port and do your failover using that physical interface.

in above scenarion you will have used two physical ports and still have three physical ports left.

now if you need physical interfaces you could do one interface for inside one for outside

use mgt interface for failover,you still have two physical interfaces left,use one of these two for DMZ1/DMZ2 and/or any extranet interfaces needed using 802.1q.

Is this some hidden feature that Cisco doesn't want users to know about so they will purchase the 4port GigE card for the ASA that costs more than the 5510 itself? :)

no hidden features Im aware of, simply it comes down to using 802.1q trunking and subinterfaces, remember with sec plus you have up to 100 Virtual interfaces for the entire asa5510 unit and all be able to use nameif

Rgds

-Jorge

PLS rate any helpful post if it helped