"ONE ASA GAME" > 2 outside physical interfaces + (1 dmz + 1 inside) on subinterfaces .....

Answered Question
Jul 13th, 2010

Hi Guys,

I have a simple setup, and the diagram is uploaded.

Can I have a sample config anywhere on the cisco.com website, or any blog reference?

In the diagram attached, I have 2 outside networks connecting to 2 DIFFERENT ISPs. They are physically different interfaces.

In the diagram, I also have 2 other interfaces, E0/2.1 and E0/2.2, and they will be subinterfaces on E0/2 only.

The E0/2.1 will be the DMZ with the 172.x.x.x network and E0/2.2 will be the INSIDE network with 10.x.x.x, as the picture shows.

May I get any reference config on the Cisco website or any blog, guys? Or if anyone has faced the same scenario, can you share the config?

Correct Answer by kenrandrews about 6 years 4 months ago

Here is an example for the Dual ISP issue:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

The other issue of using sub-interfaces for a DMZ I believe will not work. Technically you are supposed to get licenses for more interfaces so I can't imagine they would just let you use sub-interfaces instead of getting the required licenses, but I have never tried it. I am assuming that is why you are using sub-interfaces.

Overall Rating: 5 (1 ratings)
kenrandrews Tue, 07/13/2010 - 12:48
