You'll probably want to remove your subinterfaces from the ASA after you verify that everything is working. You can connect the ASA to a single vlan that matches up to the vlan svi that you have on the switch. What I mean by that is let's assume your ASA's internal interface is addressed at 192.168.1.1, and you have vlan 10 on the L3 switch addressed at 192.168.1.2. You'd put the interface that the ASA connects to in vlan 10 and you're done.
Natting should continue to work, but you'll need either a routing protocol configured between the ASA and the L3 switch, or you can use statics on the ASA. The L3 switch will have a single default route pointing to the ASA's internal address and the ASA will need to have a route for every vlan pointing back to the L3 switch.
If you have 3 vlans:
vlan 10 - 192.168.1.0/24
vlan 20 - 192.168.2.0/24
vlan 30 - 192.168.3.0/24
The ASA will know about vlan 10 (because it's locally connected for my example of the ASA's interface being at 192.168.1.1), but it won't know about vlan 20 or 30, so you'll need static routes:
Remember my example above of the L3 switch svi having the 192.168.1.2/24 address on vlan 10 svi? That would be your next hop for the ASA to send its traffic.
Other than that, you should be good as far as I can see. Once everything is working, you might as well remove the subinterfacs from the ASA. You *might* need to double check your nat rules to make sure you don't have anything associated to your subinterfaces. If you do, you'll need to rewrite those rules as well.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...