New Member

Vlan on asa-5585

Hi,

Is there any way to create VLANs on a Cisco ASA 5585 in a similar way to how we do on Cisco switches?

The ASA in this case is an interface for subsidiary users to connect into this new network.

We require a few VLANs to be created for some servers on the firewall. The firewall should be the gateway for these servers.

E.g. VLAN 100 - 192.168.100.1/24 should be on the ASA firewall.

How do we achieve this?

Appreciate all help on this.

Accepted Solution

Super Bronze

Hi,

You will have to configure at least one physical interface as a Trunk interface if you want to bring the VLAN all the way to the ASA. Essentially the configuration follows the same lines as configuring a Cisco router to act as the gateway for multiple VLANs behind a switch.

The actual configuration format depends on how you have set up the ASA. Is it Single Context or Multiple Context?

In Single Context the configuration would be something like this:

interface GigabitEthernet0/0
 description TRUNK
 ! enable the physical port; subinterfaces do not pass traffic while it is shut down
 no shutdown
!
interface GigabitEthernet0/0.100
 vlan 100
 nameif LAN
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.200
 vlan 200
 nameif DMZ
 security-level 50
 ip address 192.168.10.1 255.255.255.0

If you are running Multiple Context mode the configuration could be something like this:

interface GigabitEthernet0/0
 description TRUNK
 no shutdown
!
interface GigabitEthernet0/0.100
 description LAN
 vlan 100
!
interface GigabitEthernet0/0.200
 description DMZ
 vlan 200
!
context EXAMPLE-CONTEXT
 allocate-interface GigabitEthernet0/0.100
 allocate-interface GigabitEthernet0/0.200
 config-url disk0:/EXAMPLE-CONTEXT.cfg

Or something along these lines.

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed.

- Jouni

New Member

The firewall will be in single context - normal firewall.

Is there any other way to create this VLAN on the firewall apart from the trunk interface method?

I essentially want the servers' default gateway to be this firewall.

Is it possible that I assign this VLAN IP address on one of the firewall interfaces and do it that way?

Appreciate all help.

Super Bronze

Hi,

The only way to do VLAN configurations on the ASA5585-X is to configure a Trunk interface. The only ASA model that directly supports VLAN interfaces is the ASA5505 model, which is the lowest-end ASA model.

Naturally you can also take a single physical interface and configure it as usual and connect it to a switch port which is configured as an Access port for the VLAN to which you want that ASA interface to connect.

- Jouni
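
The two cabling options from the replies above, as an added example that is not part of the original posts: the switch-side port for the trunk method, and both sides of the access-port method using the VLAN 100 / 192.168.100.1/24 addressing from the question. The Catalyst IOS switch, its port numbers, the ASA port GigabitEthernet0/1 and the nameif SERVERS are assumptions.

```cisco
! ===== Switch side (Catalyst IOS assumed; port numbers are placeholders) =====
!
! Option A: trunk towards the ASA subinterfaces Gi0/0.100 and Gi0/0.200.
! Allow only the VLANs that have a matching ASA subinterface, and turn off
! DTP so the port never negotiates its mode.
! "switchport trunk encapsulation dot1q" exists only on switches that also
! support ISL; leave it out where the command is not accepted.
interface GigabitEthernet1/0/1
 description TRUNK-TO-ASA
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,200
 switchport nonegotiate
!
! Option B: access port towards a plain ASA physical interface.
! The switch strips the tag, so the ASA sees untagged frames from VLAN 100.
interface GigabitEthernet1/0/2
 description ACCESS-TO-ASA-VLAN100
 switchport mode access
 switchport access vlan 100
 switchport nonegotiate
!
! ===== ASA side for option B (single context) =====
!
! No subinterface and no "vlan" command: the interface is configured "as usual"
! and becomes the default gateway for the servers in VLAN 100.
interface GigabitEthernet0/1
 nameif SERVERS
 security-level 100
 ip address 192.168.100.1 255.255.255.0
 no shutdown
```

With option A the ASA physical interface GigabitEthernet0/0 carries no nameif, so untagged frames arriving on the trunk are not passed; only the tagged VLANs with a subinterface reach the firewall policy.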
