You are here: Home » Technology » VLAN Sub-Interfaces on Cisco ASA 5500 Firewall Configuration

VLAN Sub-Interfaces on Cisco ASA 5500 Firewall Configuration

Posted by TechWorld on Tuesday, 7 January 2014 0

One of the advantages of the Cisco ASA firewall is that you can configure multiple virtual interfaces (subinterfaces) on the same physical interface, thus extending the number of security zones (firewall “legs”) on your network. Each subinterface must belong to a different Layer2 VLAN, with a separate Layer3 subnet.
There are limits on the number of VLANs supported on eachASA model, according to the following list:

  • ASA 5505: Max 20 VLANs (with the Security Plus Software)
  • ASA 5510: Max 100 VLANs (with the Security Plus Software)
  • ASA 5520: Max 150 VLANs
  • ASA 5540: Max 200 VLANs
  • ASA 5550: Max 250 VLANs
  • ASA 5580: Max 100 VLANs
Below is a snapshot of a configuration example of VLAN subinterfaces:
interface GigabitEthernet0/0
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/0.10
description OUTSIDE1
vlan 10
nameif OUT1
security-level 0
ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
description OUTSIDE2
vlan 20
nameif OUT2
security-level 10
ip address 10.20.20.1 255.255.255.0
!
interface GigabitEthernet0/1
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1.30
description INSIDE1
vlan 30
nameif INSIDE1
security-level 90
ip address 10.30.30.1 255.255.255.0
!
interface GigabitEthernet0/1.40
description INSIDE2
vlan 40
nameif INSIDE2
security-level 80
ip address 10.40.40.1 255.255.255.0 
!

Tagged as: , , , , , , , , ,
About the Author

I had passion about computers since I was born. It is my hobby, my work and my life. Currently I am software engineer and Network engineer

Get Updates

Subscribe to our e-mail newsletter to receive updates.

Share This Post

Related posts

0 comments:

Subscribe to: Post Comments (Atom)
© 2014 SmartTechWorld
.
back to top