ASA Subinterfaces

Unanswered Question
Apr 7th, 2009

I am trying to configure sub interfaces on a Cisco ASA running v7.2 but it will not let me use the sub interface command?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (2 ratings)
Loading.
massimiliano.se... Tue, 04/07/2009 - 06:24

Hi,

If you have an interface say it gigabit ethernet 0/1 in order to create a subinterface of gigabitethernet 0/1 you have to issue the command:

interface gigabitethernet 0/1.x where x is a number (say it 1..for example)...

I hope this help.s

Best regards.

Massimiliano.

networker99 Tue, 04/07/2009 - 06:25

I tried that but I get the following

ciscoasa(config-if)# int ethernet0/0.100

^

ERROR: % Invalid input detected at '^' marker.

MarcinChameleon Mon, 01/09/2012 - 13:13

I got similar problem.

My ASA says ethernet instead of Giga.

I def have Security Plus license, Check in "about" via ASDM.

Please help.

Marcin

varrao Mon, 01/09/2012 - 13:25

Hi Marcin,

do you have the same ASA 5505???

Varun

MarcinChameleon Mon, 01/09/2012 - 13:29

Thanks, it is ASA 8.2

But I did that:

ciscoasa(config)# int e0/0

ciscoasa(config-if)# no nameif

ciscoasa(config-if)# no sec

ciscoasa(config-if)# no security-level

ciscoasa(config-if)# no ip ad

ciscoasa(config-if)# no ip address

and got this when trying to create subinterface:

ciscoasa(config)# int ethernet 0/0.1

                      ^

ERROR: % Invalid input detected at '^' marker.

Any ideas?

varrao Mon, 01/09/2012 - 15:14

You cannot create sub-interfaces on the physical interface on the ASA 5505 but you would need to create vlan interfaces as specified above.

Thanks,

Varun

MarcinChameleon Mon, 01/09/2012 - 15:52

I thought that with security plus license I can?

Basically I need outside interface to listen on more than 2 public IPs.

As outside interface is on /28 network.

If I create config as Andrew adicesed, will that work?

Marcin.

Julio Carvajal Mon, 01/09/2012 - 17:00

Hello Marcin,

The thing with the ASA 5505 is that without the security plus license you will not be able to have more than 2 interfaces unrestricted. So that is why you need it.

Now that you have it you can create more vlans with the suggestions Andrew have provided you.

Seems like you want the ASA to have connectivity to the outside using 2 ip addreses on the same subnet, that will not be possible as each vlan interface got to be on a different broadcast domain. You can configure the ASA to proxy-arp more than 1 ip address on its outside interface by using static nat.

Also remember that the ASA does not support PBR.

Hope this helps.

Do rate helpful posts.

Julio

MarcinChameleon Wed, 02/08/2012 - 02:49

Hi All,

I had to return the ASA 5505 because of lack of functionality I was looking for.

It’s pretty shame for cisco ASA 5505 and the money you pay for it, and then cannot do job as old Watchguard x1000 L

Thanks for  all support.

Marcin.

Actions

This Discussion