Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

pix 515 subinterfaces

Hi to all,

i need to configure a subinterface as inside and i want to know if i need to configure a vlan in order to make it work or if is possible to avoid the vlan.

2 REPLIES

Re: pix 515 subinterfaces

Hi,

There is no other way than to use VLANs.

The ASA interface will be configured as trunk, while for each VLAN you will configure subinterfaces. Assign one VLAN ID per interface.

The IP of the ASA on each subinterface will be the default gateway for the devices on that subnet.

interface GigabitEthernet0/1

description "Trunk Connectivity with SW"

speed 100

duplex full

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/1.100

vlan 100

nameif VLAN100

security-level 80

ip address xxxxxxx

!

interface GigabitEthernet0/1.200

vlan 200

nameif VLAN200

security-level 70

ip address xxxxxxx

!

interface GigabitEthernet0/1.300

vlan 300

nameif VLAN300

security-level 60

ip address xxxxxxx

An example with VLANs and remote access VPNs:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806ab788.shtml

BTW, ASA does not have Native VLAN support. So if you need VLAN 1 for some reason, you need to create a subinterface for it.

Please rate if this helped.

Regards,

Daniel

Gold

Re: pix 515 subinterfaces

the physical interface can pass untagged packets.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1044006

what version OS does the pix515 use?

129
Views
0
Helpful
2
Replies