Step 2 To specify the VLAN for the subinterface, enter the following command:
hostname(config-subif)# vlan vlan_id
The vlan_id is an integer between 1 and 4094. Some VLAN IDs might be reserved on connected switches, so check the switch documentation for more information.
You can only assign a single VLAN to a subinterface, and not to the physical interface. Each subinterface must have a VLAN ID before it can pass traffic. To change a VLAN ID, you do not need to remove the old VLAN ID with the no option; you can enter the vlan command with a different VLAN ID, and the security appliance changes the old ID.
Step 3 To enable the subinterface, enter the following command:
It is very possible that the script you copied is meant for an ASA5505 model; the 5505 has an integrated L2 switch, while your model, the 5520, does not have an integrated switch.
Again, you need to configure trunking. The way it works is through subinterfaces for your L3 logical configuration, in other words splitting a physical port into many logical interfaces. That port will then connect to an L2 switch where your VLANs will be configured with respect to the logical interfaces in the firewall.
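The trunk layout described in the reply above, as an added example (not from the thread or from Cisco's documentation). The port numbers, VLAN IDs 10 and 20, interface names and addresses are constructed values; the physical interface is left without a nameif so that it does not pass untagged traffic.

```cisco
! ASA 5520 side. All port numbers, VLAN IDs and addresses are constructed.
! The physical port only carries the trunk: it must be enabled, but it gets
! no nameif, security level or address, so untagged frames are not passed.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per VLAN; each needs a VLAN ID before it passes traffic.
interface GigabitEthernet0/1.10
 vlan 10
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif dmz
 security-level 50
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! Switch side (IOS), on the port facing the ASA. Only the VLANs that have a
! subinterface on the firewall are allowed on the trunk. The encapsulation
! line is needed only on switches that also support ISL.
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 no shutdown
```

Checking `show interface ip brief` on the ASA and `show interfaces trunk` on the switch confirms that the subinterfaces are up and that only the intended VLANs are carried.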
OK, straight away I'll come to the point: I have two L3 switches configured for HSRP. Now I need to connect these two switches to the firewall, so the firewall inside and the two L3 switches have to be in the same subnet.
Please suggest a solution for this scenario; I do not want to use another switch in between the firewall and the L3 switches.
We need to know what your requirements are in terms of networks and what type of networks they will be. You have a couple of L3 switches and you are providing L3 failover through HSRP, but for the switches only; you would need a second firewall in order to achieve failover on the firewalls through an active/standby scenario. You will have only one physical connection per firewall port to a particular switch. If switch1 fails where the FW connects, you still have HSRP to work at the switches for failover but not the firewall; you would have to move the FW physical connection to SW2... But I suppose what you could do for firewall connection switch failover (I have not done it this way, nor would I; maybe someone could comment on this one) is, say, use another FW physical interface with the same sec level, one connection from FW to SW1 and one connection to SW2, but this becomes very messy. ASA and HSRP I don't believe is possible in the scenario we are all familiar with in IOS; HSRP pass-through sure, but not the way like in IOS. I don't know, perhaps a little more thinking if time is feasible, and test it.
Going back to the beginning: will these switches be your inside perimeter? I would first sketch down, in writing or in a diagram, how many inside networks you require. Since you have L3 switches, I would recommend having them perform inter-VLAN routing; for networks that are required to be isolated, such as DMZs or public access networks, I would have them in separate L2 switches.