Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Firewall ASA Sub-Inetrface

i am unable to create sub-inerface on my asa 5540.Failover is active/stand-by.How can i create sunb-interface and vlan in ASA 5540.

1 REPLY

Re: Firewall ASA Sub-Inetrface

Chetan,

Follow this link for configuring subiterfaces, keep in mind, to create subinterfaces you will be using do1q encap so ensure your switch physical connection to ASA port where subinterfaces will be created also be configured for dot1q trunking as well as respective VLANs IDs.

VLANS are created in your L2 switch and pass them to asa via dot1q trunk.

Also you said you have failover pair, I assume you have already configured active/standby and that you have active unit in one switch and standby unit in another switch both switches trunked ,or same switch? so if you are going to create sub-interface in ASA you will have to create dot1q trunk on the switch or swithes for both physical connections of Active FW and Standby FW.

Subinterfaces and dot1q

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html

Look at the topology digram in this scenario Active/Standby to sort of give you a picture of physical connectivity.

Active/Standby

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

Regards

141
Views
0
Helpful
1
Replies
CreatePlease to create content