Migrate ASA 5510 Inside Interface to Multiple Sub-interfaces
We currently have an ASA 5510 as our edge firewall that is connected on e0/1 to our core switch, a 4510R+E. The connection from the ASA is to an access port (vlan 99) on the 4510. I would like to migrate this configuration to subinterfaces on the ASA. I would like to have the existing configuration applied to e0/1 migrate to e0/1.1 and then add e0/1.2 for a guest wireless vlan. What is the best way to make these changes without having to completely reconfigure the ASA? I know I will need to trunk the connection from the ASA to the 4510 but I am looking for the best way to make these changes without having to completely reconfigure the ASA.
Re: Migrate ASA 5510 Inside Interface to Multiple Sub-interfaces
While I would probably configure this myself so that I would leave out all configurations on the current physical interface Ethernet0/1, I think there is an option for you which enables you to leave the current interface configuration intact and just start adding subinterfaces to the physical interface Ethernet0/1.
To my understanding you could do the following:
Configure the additional subinterfaces under the physical interface Ethernet0/1 on the ASA. For example, just the IP address etc., so as to enable pinging to them after the trunk has been configured.
Configure the switch side to trunk and configure the native VLAN for that trunk as VLAN 99 so that the ASA will continue to receive untagged traffic for that VLAN like it does now (access mode port). As the main Ethernet0/1 port is not tagged, it should keep working, to my understanding.
I am a bit rusty on the switching side, but the above is, to my understanding, what you could do. This should mean that you would not have to change anything on the ASA side. Of course you would be adding the subinterfaces and their configurations, but nothing that would change the current setup.
Naturally, the switch side configuration change to trunk would cause an outage in your setup.
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
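The approach described in the reply above, written out as configuration. This is an added example, not part of the original thread. The guest VLAN ID (200), the guest subnet, the nameif and security level, and the switch port GigabitEthernet1/1 are assumptions; only Ethernet0/1, Ethernet0/1.2 and VLAN 99 come from the thread.

```cisco
! --- ASA 5510 ---
! The existing Ethernet0/1 configuration is left untouched. It keeps
! carrying the untagged VLAN 99 traffic, which arrives via the trunk's
! native VLAN once the switch port is converted.
!
interface Ethernet0/1.2
 ! Assumed guest VLAN ID; must match the VLAN allowed on the trunk
 vlan 200
 ! Assumed interface name and a low security level for guest traffic
 nameif guest
 security-level 10
 ! Constructed example subnet
 ip address 192.168.200.1 255.255.255.0
!
! --- Catalyst 4510R+E ---
vlan 200
 name GUEST-WIRELESS
!
! Assumed port; use the port that currently connects to ASA Ethernet0/1
interface GigabitEthernet1/1
 description Trunk to ASA 5510 Ethernet0/1
 switchport mode trunk
 ! Untagged frames stay in VLAN 99, as with the current access port
 switchport trunk native vlan 99
 ! Carry only the two VLANs the ASA terminates
 switchport trunk allowed vlan 99,200
!
! --- Verification ---
! ASA:    show interface ip brief
! ASA:    show nameif
! Switch: show interfaces GigabitEthernet1/1 trunk
```

Traffic between the guest subinterface and the existing interface is then governed by the ASA's security levels and access lists, so the guest policy is defined on the ASA rather than on the switch.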