New Member

Configure sub-interfaces in Cisco ASA 5520

Hi,

I have a Cisco ASA 5520 that I'm configuring.

On the actual firewall (which is a Linux server), we have the outside interface eth0, which has a public IP, and other sub-interfaces (eth0.1, eth0.2, ...) with other public IPs.

I'd like to know how I can configure it on an ASA.

Thanks

7 REPLIES

Re: Configure sub-interfaces in Cisco ASA 5520

Hi Yolande,

Here is one example below.

interface Ethernet0/0
 speed 100
 duplex full
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/0.1
 vlan 1
 nameif management
 security-level 100
 ip address 10.10.10.1 255.255.255.252
!

I hope this answers your question.

thanks

Rizwan Rafeek

Message was edited by: Rizwan Mohamed

New Member

Re: Configure sub-interfaces in Cisco ASA 5520

Hi rizwanr74,

In your configuration, you add vlan 1. Should I always put the VLAN?

I have about 10 sub-interfaces to configure with the ASA; I am wondering if I should create 10 VLANs.

thanks

Re: Configure sub-interfaces in Cisco ASA 5520

"In your configuration, you add vlan 1. Should I always put the VLAN?"

Yes, you must have a VLAN number, and the ASA's port (in the example it is "interface Ethernet0/0") will be connected to a trunk port on a switch.

With the layer 2 VLAN number, your internal switch will know which VLAN it must forward the packet to.

"I have about 10 sub-interfaces to configure with the ASA; I am wondering if I should create 10 VLANs."

Naturally, you will have to create ten subinterfaces, each with a layer 2 VLAN number.

Hope that answers your question.

thanks

Rizwan Rafeek

New Member

Re: Configure sub-interfaces in Cisco ASA 5520

If I resume, I should just create a layer 2 VLAN and then my 10 subinterfaces will be linked to the VLAN number?

Configure sub-interfaces in Cisco ASA 5520

"If I resume, I should just create a layer 2 VLAN and then my 10 subinterfaces will be linked to the VLAN number?"

You do not create the layer 2 VLAN numbers separately on the ASA; rather, you assign the subinterface itself to a layer 2 VLAN number (as shown below). By doing so, the trunk port on your switch will know for which layer 2 VLAN a given packet is coming in on the trunk port.

!
interface Ethernet0/0.200
 vlan 200
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.252
!
!
interface Ethernet0/1.300
 vlan 300
 nameif management
 security-level 100
 ip address 10.30.30.1 255.255.255.252
!

Hope this answers your question.

thanks

Rizwan Rafeek

Please rate helpful posts.

New Member

Configure sub-interfaces in Cisco ASA 5520

Hi,

Thanks for your answer, but my concern is whether those VLANs (200, 300 in your example) are also there in my LAN, because on my LAN I have some VLANs which are not on my actual firewall.

Re: Configure sub-interfaces in Cisco ASA 5520

You would want to create a VLAN on the firewall in the first place only if those VLANs exist locally on your LAN or WAN for peering with the given segments.

If you create a VLAN only on your firewall, without that particular VLAN existing on your LAN or WAN, where can the traffic from such a VLAN communicate for peering? The answer is nowhere.

I hope that answers your question or concern.

thanks

Rizwan Rafeek.

Please rate helpful posts.
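
Added example, not part of any post in this thread and not Cisco tooling: a small Python check for the conditions discussed above, namely that every subinterface carries a vlan number, that the VLAN also exists on the switch behind the trunk, and that the parent port is left without a nameif as in the first reply. The sample config, the switch VLAN set and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): one trunked ASA port.
SAMPLE_CONFIG = """
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/0.200
 vlan 200
 nameif inside
!
interface Ethernet0/0.300
 vlan 300
 nameif dmz
!
interface Ethernet0/0.400
 nameif guest
!
"""
SAMPLE_SWITCH_VLANS = {1, 200}  # constructed: VLANs defined on the LAN switch

def parse_interfaces(config):
    """Map each interface stanza to its vlan id and nameif (None if unset)."""
    interfaces, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "!":
            current = None                      # "!" ends a stanza
        elif m := re.match(r"interface (\S+)$", line):
            current = interfaces.setdefault(m.group(1), {"vlan": None, "nameif": None})
        elif current is not None and (m := re.match(r"(vlan|nameif) (\S+)$", line)):
            current[m.group(1)] = int(m.group(2)) if m.group(1) == "vlan" else m.group(2)
    return interfaces

def audit(config, switch_vlans):
    """Return findings for the conditions discussed in the thread."""
    interfaces, findings = parse_interfaces(config), []
    for name, cfg in interfaces.items():
        if "." not in name:
            # Parent port: the thread's example leaves it without a nameif.
            if cfg["nameif"] and any(n.startswith(name + ".") for n in interfaces):
                findings.append(f"{name}: parent of subinterfaces has nameif {cfg['nameif']}")
        elif cfg["vlan"] is None:
            findings.append(f"{name}: no vlan assigned")
        elif cfg["vlan"] not in switch_vlans:
            findings.append(f"{name}: vlan {cfg['vlan']} is not defined on the switch")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_SWITCH_VLANS):
        print(finding)
```

Feed it the interface section of a saved running configuration and the set of VLAN IDs defined on the switch behind the trunk.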
