Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
270
Views
0
Helpful
1
Replies

Firewall ASA Sub-Inetrface

chetansharma
Level 1
Level 1

‎01-04-2009 02:36 AM - edited ‎03-11-2019 07:32 AM

i am unable to create sub-inerface on my asa 5540.Failover is active/stand-by.How can i create sunb-interface and vlan in ASA 5540.

Labels:
0 Helpful
1 Reply 1

JORGE RODRIGUEZ
Level 10
Level 10

‎01-04-2009 09:30 AM

Chetan,

Follow this link for configuring subiterfaces, keep in mind, to create subinterfaces you will be using do1q encap so ensure your switch physical connection to ASA port where subinterfaces will be created also be configured for dot1q trunking as well as respective VLANs IDs.

VLANS are created in your L2 switch and pass them to asa via dot1q trunk.

Also you said you have failover pair, I assume you have already configured active/standby and that you have active unit in one switch and standby unit in another switch both switches trunked ,or same switch? so if you are going to create sub-interface in ASA you will have to create dot1q trunk on the switch or swithes for both physical connections of Active FW and Standby FW.

Subinterfaces and dot1q

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html

Look at the topology digram in this scenario Active/Standby to sort of give you a picture of physical connectivity.

Active/Standby

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

Regards

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card