If you have an interface say it gigabit ethernet 0/1 in order to create a subinterface of gigabitethernet 0/1 you have to issue the command:
interface gigabitethernet 0/1.x where x is a number (say it 1..for example)...
I hope this help.s
I got similar problem.
My ASA says ethernet instead of Giga.
I def have Security Plus license, Check in "about" via ASDM.
Because ASA 5505 only have ethernet ports not gig ports.Here's the datasheet:
Thanks, it is ASA 8.2
But I did that:
ciscoasa(config)# int e0/0
ciscoasa(config-if)# no nameif
ciscoasa(config-if)# no sec
ciscoasa(config-if)# no security-level
ciscoasa(config-if)# no ip ad
ciscoasa(config-if)# no ip address
and got this when trying to create subinterface:
ciscoasa(config)# int ethernet 0/0.1
ERROR: % Invalid input detected at '^' marker.
you create a vlan interface, then assign the physical interface to the vlan.
Int vlan x
Switchport access vlan x
Sent from Cisco Technical Support iPad App
You cannot create sub-interfaces on the physical interface on the ASA 5505 but you would need to create vlan interfaces as specified above.
I thought that with security plus license I can?
Basically I need outside interface to listen on more than 2 public IPs.
As outside interface is on /28 network.
If I create config as Andrew adicesed, will that work?
The thing with the ASA 5505 is that without the security plus license you will not be able to have more than 2 interfaces unrestricted. So that is why you need it.
Now that you have it you can create more vlans with the suggestions Andrew have provided you.
Seems like you want the ASA to have connectivity to the outside using 2 ip addreses on the same subnet, that will not be possible as each vlan interface got to be on a different broadcast domain. You can configure the ASA to proxy-arp more than 1 ip address on its outside interface by using static nat.
Also remember that the ASA does not support PBR.
Hope this helps.
Do rate helpful posts.
You cannot have an ASA "listen" i.e have an interface configured with 2 ip addresses. You configure 1 ip address on the outside, and your ISP will "route" the other ip range to that IP and you can then assign the other IP range to another seperate interface, or as Julio has also pointed out.
I had to return the ASA 5505 because of lack of functionality I was looking for.
It’s pretty shame for cisco ASA 5505 and the money you pay for it, and then cannot do job as old Watchguard x1000 L
Thanks for all support.