I have a new ASA 5512 which does not allow me to use VLANs like I did with the previous version. I have 3 interfaces: inside, outside and dmz. I want to add another unused interface to my DMZ network instead of uplinking my dmz interface to a switch. Before, I could create a VLAN for DMZ and then add the interfaces to that. How can I have multiple interfaces on the same network? I essentially want to make int gi0/3 into an access port on the dmz network.
To my understanding, the only Cisco firewalls that let you use Vlan interfaces are FWSM, ASASM and ASA5505 (which has a switch module, unlike other ASA models). (Don't know about the ASA V1000 since I've never even seen one.)
I don't know that there is any way to bridge the ASA5500-X Series (or even the original series) physical interfaces. They are routed interfaces and not switchports.
Now that I think about it, the only one where I have been able to do VLANs and place multiple interfaces in that VLAN is the 5505. I saw an article talking about bridge-groups. It did not really apply to what I am doing, but it left me wondering if that is something that could accomplish the same thing.
When I do a show ver it says unlimited VLANs. But it sounds like you cannot really do anything with them.
To my understanding, you won't be able to have 2 interfaces be part of the same subnet, since all the ports are router/routed ports instead of switch ports.
You can configure a physical interface as a Trunk and configure the required Vlans on that Trunk. You can also configure an Etherchannel/Port-channel of multiple interfaces and use it as a Trunk (which would be the more logical choice with the new ASA5500-X series, as they have better performance/throughput than the original ASA series).
We have actually run out of allocated Vlan interfaces on an FWSM once. The device had so many virtual firewalls (Security Contexts) that we reached the 1000 interface cap on the device.
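The trunk/port-channel approach described in the reply above, sketched as an ASA configuration. This is an added example, not configuration posted by anyone in the thread; VLAN 30, the 192.0.2.0/24 addressing, security level 50 and the choice of Gi0/2 and Gi0/3 as bundle members are assumptions.

```cisco
! Constructed example: VLAN id, addressing, security level and member
! ports are assumptions, not values from the thread.
!
! Clear any existing name/address from the member ports, then bundle
! the current DMZ port and the spare port into one EtherChannel (LACP).
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
 channel-group 1 mode active
 no shutdown
!
interface GigabitEthernet0/3
 no nameif
 no security-level
 no ip address
 channel-group 1 mode active
 no shutdown
!
! The parent port-channel carries only tagged traffic, so it stays
! unnamed and no policy applies to it directly.
interface Port-channel1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One routed subinterface per VLAN. The dmz access rules and NAT
! attach to this nameif exactly as they did to the physical port.
interface Port-channel1.30
 vlan 30
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
```

The switch side needs a matching LACP bundle configured as a trunk carrying VLAN 30, with the DMZ hosts on access ports in that VLAN. The ASA ports remain routed, so the second port adds bandwidth and link redundancy toward the switch rather than acting as an extra access port.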