Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

"ONE ASA GAME" > 2 outside physical interfaces + (1 dmz + 1 inside) on subinterfaces .....

Hi Guys,

I have a simple setup and diagram is uploaded .

Can i have a sample config anywhere on cisco.com website or any blog reference....


In the diagram attached, i have 2 outside networks connecting to 2 DIFFERENT ISPs..... they are physically different interfaces.

In the diagram , i have 2 other interfaces also E0/2.1 and E0/2.2 and they will be subinterfaces on E0/2 only.

The E0/2.1 will be the DMZ      with 172.x.x.x network and E0/2.2 will be INSIDE network with 10.x.x.x as the picture shows ?

May  i get any reference config in cisco website or any blog guys ??? or anyone has faced the same scenario, can share the config ?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: "ONE ASA GAME" > 2 outside physical interfaces + (1 dmz + 1

Here is an example for the Dual ISP issue:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

The other issue of using sub-interfaces for a DMZ I believe will not work. Technically you are supposed to get licenses for more interfaces so I can't imagine they would just let you use sub-interfaces instead of getting the required licenses, but I have never tried it. I am assuming that is why you are using sub-interfaces.

1 REPLY
New Member

Re: "ONE ASA GAME" > 2 outside physical interfaces + (1 dmz + 1

Here is an example for the Dual ISP issue:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

The other issue of using sub-interfaces for a DMZ I believe will not work. Technically you are supposed to get licenses for more interfaces so I can't imagine they would just let you use sub-interfaces instead of getting the required licenses, but I have never tried it. I am assuming that is why you are using sub-interfaces.

151
Views
0
Helpful
1
Replies