Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Context Mode

i have an ASA5510 trying to configure multiple IP's to outside interface but cannot. I have it on my pix515 but do not know how to do it in ASA device. i am using my CLI config from the 515 to figure out in the GUI for the ASA

3 REPLIES

Re: Context Mode

are you saying you want to have multiple ip address on your outside interface?

New Member

Re: Context Mode

that is correct....thks.

Re: Context Mode

you can create subinterfaces on an appliance to have multiple IP's on the outside interface, you can use the interface command followed by the interface name and the subinterface number, as shown in the following syntax:

interface physical_interface.subinterface

Here, physical_interface is the actual physical interface and subinterface is an integer between 1 and 4,294,967,295. Example 4-13 demonstrates how to create a subinterface 300 on GigabitEthernet0/0.

Example 4-13. Creating a Subinterface

Chicago# configure terminal

Chicago(config)# interface GigabitEthernet0/0.300

Once you have created a subinterface, the next step is to associate the interface with a unique VLAN identity. Assign a VLAN ID by using the vlan subinterface configuration command followed by the actual VLAN ID, which ranges between 1 and 4096. In Example 4-14, the administrator has linked GigabitEthernet0/0.300 to vlan 300. Although the subinterface number and the VLAN ID do not have to match, it is a good practice to use the same number for ease of management.

Example 4-14. Associating a VLAN ID to a Subinterface

Chicago# configure terminal

Chicago(config)# interface GigabitEthernet0/0.300

Chicago(config-if)# vlan 300

Caution

If the main physical interface is shut down, all the associated subinterfaces are disabled as well.

The subinterface is configured identically to a physical interface, using the nameif, security-level, and ip address commands. It does not, however, allow the use of speed and duplex commands, discussed in the previous section. Example 4-15 shows a subinterface GigabitEthernet0/0.300 configuration that is set up as a DMZ interface with the security level 30 and an IP address of 192.168.20.1/24 in VLAN 300.

Example 4-15. Configuring Subinterface Parameters

Chicago# configure terminal

Chicago(config)# interface GigabitEthernet0/0.300

Chicago(config-if)# vlan 300

Chicago(config-if)# nameif DMZ

Chicago(config-if)# security-level 30

Chicago(config-if)# ip address 192.168.20.1 255.255.255.0

220
Views
0
Helpful
3
Replies
CreatePlease to create content