pix 515 subinterfaces

daysleeper · ‎07-16-2008

Hi to all,

i need to configure a subinterface as inside and i want to know if i need to configure a vlan in order to make it work or if is possible to avoid the vlan.

5220 · ‎07-16-2008

Hi,

There is no other way than to use VLANs.

The ASA interface will be configured as trunk, while for each VLAN you will configure subinterfaces. Assign one VLAN ID per interface.

The IP of the ASA on each subinterface will be the default gateway for the devices on that subnet.

interface GigabitEthernet0/1

description "Trunk Connectivity with SW"

speed 100

duplex full

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/1.100

vlan 100

nameif VLAN100

security-level 80

ip address xxxxxxx

!

interface GigabitEthernet0/1.200

vlan 200

nameif VLAN200

security-level 70

ip address xxxxxxx

!

interface GigabitEthernet0/1.300

vlan 300

nameif VLAN300

security-level 60

ip address xxxxxxx

An example with VLANs and remote access VPNs:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806ab788.shtml

BTW, ASA does not have Native VLAN support. So if you need VLAN 1 for some reason, you need to create a subinterface for it.

Please rate if this helped.

Regards,

Daniel

srue · ‎07-16-2008

the physical interface can pass untagged packets.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1044006

what version OS does the pix515 use?