Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5505 basics

I have 3 LAN segments going out via a 3560 L3 switch.

I know my way with L3 switches and try to understand how my new ASA should be configured: does it support the same VLANs as my network and only require a tunnel from ASA to one (or more) L3 device? does it capable of SPT (or RSPT as I use it in my network)?

  • Other Security Subjects

Re: ASA 5505 basics


ASA is not capable of Spanning Tree, nor should it, since it does not forward broadcasts packets.

The ASA interface will be configured as trunk, while for each VLAN you will configure subinterfaces. Assign one VLAN ID per interface.

The IP of the ASA on each subinterface will be the default gateway for the devices on that subnet.

interface GigabitEthernet0/1

description "Trunk Connectivity with SW"

speed 100

duplex full

no nameif

no security-level

no ip address


interface GigabitEthernet0/1.100

vlan 100

nameif VLAN100

security-level 80

ip address xxxxxxx


interface GigabitEthernet0/1.200

vlan 200

nameif VLAN200

security-level 70

ip address xxxxxxx


interface GigabitEthernet0/1.300

vlan 300

nameif VLAN300

security-level 60

ip address xxxxxxx

By default no routing is done between VLANs.

An example with VLANs and remote access VPNs:

BTW, ASA does not have Native VLAN support. So if you need VLAN 1 for some reason, you need to create a subinterface for it.

Please rate if this helped.



New Member

Re: ASA 5505 basics

while configuring I changed the admin address to (that is showing under VLAN 1)

then I've configured 3 additional VLANS for each of my LAN networks - VLANs 10, 11, 12

for VLAN 11 & 12 I could configure an IP address using 192.168.10\11.x

VLAN 10 won't let me configure an IP since it is already configured on VLAN1

does it mean I have to remove the management IP and switch it back to if so, how will I access it via LAN?

New Member

Re: ASA 5505 basics

when I try to configure sub-interface I get an error:

ASA(config)# int ethernet 0/1.24


ERROR: % Invalid input detected at '^' marker.

Re: ASA 5505 basics

show the output "sh ver"

New Member

Re: ASA 5505 basics

I did see few posts that said 5505 do not support sub-if, is it possible?

ASA# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(3)

Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders

System image file is "disk0:/asa723-k8.bin"

Config file at boot was "startup-config"

OGASA up 1 day 16 hours

Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Int: Internal-Data0/0 : address is 0021.55d8.e84d, irq 11

1: Ext: Ethernet0/0 : address is 0021.55d8.e845, irq 255

2: Ext: Ethernet0/1 : address is 0021.55d8.e846, irq 255

3: Ext: Ethernet0/2 : address is 0021.55d8.e847, irq 255

4: Ext: Ethernet0/3 : address is 0021.55d8.e848, irq 255

5: Ext: Ethernet0/4 : address is 0021.55d8.e849, irq 255

6: Ext: Ethernet0/5 : address is 0021.55d8.e84a, irq 255

7: Ext: Ethernet0/6 : address is 0021.55d8.e84b, irq 255

8: Ext: Ethernet0/7 : address is 0021.55d8.e84c, irq 255

9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255

10: Int: Not used : irq 255

11: Int: Not used : irq 255

Licensed features for this platform:

Maximum Physical Interfaces : 8

VLANs : 20, DMZ Unrestricted

Inside Hosts : Unlimited

Failover : Active/Standby

VPN-DES : Enabled

VPN-3DES-AES : Enabled

VPN Peers : 25

WebVPN Peers : 2

Dual ISPs : Enabled

VLAN Trunk Ports : 8

This platform has an ASA 5505 Security Plus license.

Serial Number: JMX1221Z07S

Running Activation Key: 0xce06625a 0xa8d68c50 0x8c1055b0 0x9030f02c 0x8308b7a9

Configuration register is 0x1

Configuration last modified by enable_15 at 10:58:54.944 EDT Wed Jul 16 2008

Re: ASA 5505 basics

in this case you have a internal switch with 8 ports

for configuring