Sorry for the late reply. The CSS11500 supports firewall load balancing (FWLB), and in one of the modes, it seems like the firewall should support multinetting (multiple IP addresses).
Sounds like you might be talking about ...
- VLSM variable-length subnet masking
- Classless Inter-Domain Routing (CIDR)
- routing prefix aggregation (also known as "supernetting" or "route summarization")
Geez Adam I hope you knew that off the top of your head :-)
Celso, I have never tried it, but I'm pretty sure you cannot assign multiple IPs to a single interface.
This is correct; however, the only way I see this possible, looking at Adam's link, is if you were to use 802.1q and subinterfaces in ASA 7.x, each sub with the same security level.
What do you mean by routing? You can route between same-security interfaces without issues; subinterfaces are routed interfaces, are they not? Perhaps I don't understand you when you said "what about routing"?
Check this link on page 107.
Ahh ... yes, use multiple VLANs to segment up a single interface. We have several ASA 5520s running that configuration.
Sample of such: Notice that you can assign different security levels.
no ip address
ip address 172.17.122.x 255.255.255.x
description Secure Email Sub DMZ
ip address 172.17.123.x 255.255.255.x
Marc, using your config and Adam's example link the scenario of multiple IPs per interface could be accomplished this way.
no ip address
description Network 184.108.40.206
ip address 220.127.116.11 255.255.255.0
description Network 18.104.22.168
ip address 22.214.171.124 255.255.255.0
description Network 126.96.36.199
ip address 188.8.131.52 255.255.255.0
Use the same-security-traffic permit inter-interface command to pass traffic between these nets without the use of ACLs.
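
Added example, not part of the original thread: a small audit of the design discussed above (802.1q subinterfaces at the same security level plus same-security-traffic permit inter-interface), listing the interfaces whose traffic to a same-level peer is not filtered by any inbound ACL. The interface names, VLAN IDs, ACL name and documentation-range addresses in the sample configuration are constructed assumptions, and only inbound access-group bindings are considered.

```python
import re
from collections import defaultdict

# Constructed ASA 7.x-style configuration (interface names, VLAN IDs, ACL name
# and RFC 5737 documentation addresses are assumptions, not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 no nameif
 no ip address
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif net10
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif net20
 security-level 50
 ip address 198.51.100.1 255.255.255.0
!
interface GigabitEthernet0/1.30
 vlan 30
 nameif net30
 security-level 40
 ip address 203.0.113.1 255.255.255.0
!
same-security-traffic permit inter-interface
access-list NET20_IN extended permit tcp any any eq 443
access-group NET20_IN in interface net20
"""

def unfiltered_same_level(config):
    """Return {level: [nameifs]}: interfaces that share a security level with
    another interface and have no inbound access-group bound to them."""
    if not re.search(r"^same-security-traffic permit inter-interface\s*$", config, re.M):
        return {}  # without the command, same-level interfaces cannot talk at all
    levels = defaultdict(list)
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        name = re.search(r"^ nameif (\S+)", block, re.M)
        level = re.search(r"^ security-level (\d+)", block, re.M)
        if name and level:  # skips the parent interface, which has no nameif
            levels[int(level.group(1))].append(name.group(1))
    has_acl = set(re.findall(r"^access-group \S+ in interface (\S+)", config, re.M))
    return {lvl: [n for n in names if n not in has_acl]
            for lvl, names in levels.items()
            if len(names) > 1 and any(n not in has_acl for n in names)}
```

For the sample, `unfiltered_same_level(SAMPLE_CONFIG)` reports net10: it shares level 50 with net20 and has no inbound ACL, so anything arriving on it can reach net20 unfiltered.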