Cisco ISA 3000 Subinterfaces and Zone

Wabou_224 — Wed, 24 Mar 2021 17:55:15 GMT

Hello Guys

I have standalone ISA 3000 (Transparent mode ) with FTD 6.6.1 managed by FMC which I need to connect to dual-core switch keeping the bypass functionality

there are several VLANs which will be connected to the firewall . The firewall will have inside and outside interfaces

The challenge which I am facing is to create sub-interfaces with the Same VLAN ID on two different interfaces so I got an idea to assign GI 1/1 for outside and GI 1/2 for inside and keep any subinterface without zone like

GI 1/1 ( Outside zone) GI 1/2 ( inside zone)

GI 1/1 -- > Create sub interface Gi 1/1.11 VLAN ID 11 ( no zone assigned )

GI 1/2 -- > Create Sub interface Gi 1/2.11 VLAN ID 11 ( No zone assigned)

Create BVI 11 for both 1/1.11 and 1/2.11 with BVI IP in VLAN 11 .

Does the sub-interface inhert the Security zone from the parent interface , for example GI 1/1.11 will inhert Outside side since GI 1/1 is Outside interface ?

topic Cisco ISA 3000 Subinterfaces and Zone in Network Security

Cisco ISA 3000 Subinterfaces and Zone