ASA VLAN Question

f00f1ter · ‎03-13-2008

When I configure subinterfaces on an ASA, how does the security level of the physical interface interact with the security levels of the subinterfaces? Can I make the subinterfaces security levels different from the security level of the physical interface and how is this handled?

TIA

massimiliano.serafino · ‎03-13-2008

Hi,

Every subinterface may have an own security level; sure you may have different security level for every interface.

I hope this helps.

Best regards.

Massimiliano.

f00f1ter · ‎03-13-2008

Thank you for your reply, Massimiliano. Does the security level of the physical interface affect the subinterfaces in any way?

Thanks

simi.akinnusi · ‎03-13-2008

No, it does not, when you set the security levels for sub interfaces, it does not have any interaction with the security level set on the physical interfaces. Routing is not possible between these interfaces unless you want this to happen then you use a certain command in the ios, if you need this command let me know and i will point you in right direction.

sundar.palaniappan · ‎03-13-2008

No,the security level of physical interface shouldn't affect the security level of sub-interfaces.

interface Ethernet0

nameif outside

security-level 0

no ip address

pixfirewall(config-if)# show run int e0.1

!

interface Ethernet0.1

vlan 2

nameif vlan2

security-level 25

no ip address

pixfirewall(config-if)# show nameif

Interface Name Security

Ethernet0 outside 0

Ethernet0.1 vlan2 25

HTH

Sundar