As you aware that we can create VLAN on asa 5505 firewall and assign multiple interfaces of firewall to the VLAN. My question here is for cisco asa model 5510 wherein we can't create VLANS but we can create sub interfaces and can assign the VLAN ID and making the trunking port of that interface on which the sub interface is created, multiple VLANS traffic can be moved that is understood but if talk about two switches being used for redundancy purpose then how would be the connectivity in between the firewall and the two switches. Can somebody please help in this as I'm designing a network here? Thanks.
As you noticed the ASA5505 is completely different when configuring Vlan related configurations. Mainly because unlike the other models it contains a builtin switch module. Other ASA models have normal L3 ports only which can be configured as Trunks.
To me it seems you have couple of options of which only 1 seems likely
Port-channel / Etherchannel
Software 8.4(1) requirement
To be able to connect to 2 different switches, the switches have to use either vPC or be a VSS pair. Simple switch stack wont do. This to my understanding would cause outage if either of the switches booted.
Configure pair of physical ports to belong to a logical Redundant interface
Configure this Redundant interface with Trunking just like any physical ASA interface
Only one of the physical interfaces would be used at one given time. When the active one fails the second will take over therefore utilizing the link to the other switch.
Judging by your ASA model I would presume you are not using any devices as switches that would support the first setup with Port-channel. Then my knowledge of switch models and what they support is very very limited so I might be wrong here also.
So to implement the redudant interface configuration you could use this as an example
ip address 10.10.100.1 255.255.255.0 standby 10.10.100.2
ip address 10.10.200.1 255.255.255.0 standby 10.10.200.2
ip address 10.10.30.1 255.255.255.0 standby 10.10.30.2
Here is a link to a Cisco ASA Configuration Guide for software level 8.2 with more information about the use of Redundant interfaces
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :