Cisco Support Community
Community Member

ASA5505 - VLANS vs. Ethernet Interfaces

I am in the process of configuring my ASA5505. I have the Security+ license. I am finding that I have no choice but to use VLANs and then switchport my E0/* interfaces. Is this true, or can I somehow get around this setup and assign IPs and names to E0/* interfaces w/o using VLANs?

Community Member

Re: ASA5505 - VLANS vs. Ethernet Interfaces

You've got 20 VLANs available w/ Security+ (but you prob know that already)...

You can't get around using VLANs on interfaces, from what I've experienced...

Any reason why you can't do w/ VLANs and switchporting interfaces vs. assigning IPs/names to interfaces?

Community Member

Re: ASA5505 - VLANS vs. Ethernet Interfaces

20, really? Through ASDM, must be.

I have experienced the same thing. VLANs rule!

I guess my understanding of VLANs vs. physical ints wasn't up to par, but Magnus solved the puzzle:

Remove the following lines from the config:

nat (DMZ) 1 access-list WEB1

global (outside) 1 webserver_real

And add the following lines:

static (DMZ,outside) webserver_real netmask

access-list ACLIN permit tcp any host webserver_real eq 80

I still don't get why the ASA prefers the public IP over the NAT. Wait, I get it. Public IP rules.
