Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

DMZ Sub interfaces into sub interface

Hi,

We have ASA FW 5010 in our organization and we have 4 DMZ's under the DMZ interface on ASA and all DMZ's are created on sub interfaces and assigned different VLANS on each DMZ's like

DMZ-1 = 172.20.1.x - VLAN 1000

DMZ-2 = 172.20.2.x - VLAN 1200

DMZ-3 = 172.20.3.x - VLAN 1300

DMZ-4 = 172.20.4.x - VLAN 1400

My question is:

Can we break sub interface (DMZ-4) into again another sub interface and assign another IP address like

DMZ-4 = 172.20.4.x

---------= 172.20.5.x

Means one VLAN has two IP addresses for gateway.

One thing more how many times we can break one interface into subinterfaces.

I hope my question is enough for understanding.

Regards,

Saeed

Everyone's tags (3)
7 REPLIES
New Member

DMZ Sub interfaces into sub interface

No, this is not a supported feature.

I think you can put 250 subinterfaces on a physical interface.

New Member

DMZ Sub interfaces into sub interface

Thanks for the reply.

Can we break this feature on catalyst switches 2960 or 3560?

DMZ Sub interfaces into sub interface

"Can we break this feature on catalyst switches 2960 or 3560?"

Answer is still no.

Hope that answers your question.

thanks

Rizwan Rafeek.

VIP Purple

Re: DMZ Sub interfaces into sub interface

> Can we break this feature on catalyst switches 2960 or 3560?

You just want to have two IP-networks in one VLAN? If yes, that is possible on Routers and Switches with secondary IP-addresses. But the ASA doesn't support that.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni

Re: DMZ Sub interfaces into sub interface

Hi Saeed,

You can create sub interface for the sub interface... because virtual interfaces can be created on the physical interfaces...... But two ip segments for a single vlan is possible in L3 switches / Routers. I never tried it in firewalls....

Here is the example in L3 switch

interface Vlan100

ip address 10.0.0.4 255.255.255.0 secondary

ip address 10.2.2.4 255.255.254.0

no shut

!

Re: DMZ Sub interfaces into sub interface

Sorry... Small correction... You cannot create....

Re: DMZ Sub interfaces into sub interface

ASA 5510 supports max of 100 sub interfaces / vlans.....

698
Views
0
Helpful
7
Replies
CreatePlease to create content