https://community.cisco.com/t5/network-security/multiple-subinterfaces-on-same-context/m-p/2660240#M195550 <P>That is correct for both questions.</P><P>__</P><P>Please remember to select a correct answer and rate helpful posts&nbsp;</P> Mon, 30 Mar 2015 15:37:56 GMT Marius Gunnerud 2015-03-30T15:37:56Z https://community.cisco.com/t5/network-security/multiple-subinterfaces-on-same-context/m-p/2660237#M195547 <P>Hi,</P><P>I'm having a difficult time finding examples where there is a multi-context ASA using multiple subinterfaces under the contexts. I'm running 5585-X SSP-10 in my network.<BR />We have a license for 20 contexts, currently only using a quarter of those context. Issue is, the way they set this up was only one subinterface per context, and that's how they want to keep.<BR />I'm already charged with adding three new vlans to our firewall for migrating some devices off our old network to our new one. Issue is if we keep doing that we're going to burn through all these contexts in no time.</P><P>I'm assuming you can have multiple vlans going to the same context with multiple subinterfaces. That being said, I would assume you can block the traffic from two vlans on the same context from each other.</P><P>Can anyone link me to some configuration examples for multiple subinterfaces, and an example of what the access rules on the same context might look like for two vlans with different subnets?</P><P>Thanks.</P> Tue, 12 Mar 2019 05:42:39 GMT https://community.cisco.com/t5/network-security/multiple-subinterfaces-on-same-context/m-p/2660237#M195547 christopher.wood 2019-03-12T05:42:39Z https://community.cisco.com/t5/network-security/multiple-subinterfaces-on-same-context/m-p/2660238#M195548 <P>I feel you are overthinking this. If you have setup an ASA interface before then setting up subinterfaces in a context is not much different (other than having to allocate the interface to that given context)&nbsp; Then you configure the interface on the context as you would any other interface.</P><P>Your configuration would look like this:</P><P>changeto system</P><P>interface Gig0/0</P><P>no shut</P><P>int Gig0/0.1</P><P>vlan 10</P><P>ing Gig0/0.2</P><P>vlan 20</P><P>context A</P><P>allocate-interface Gig0/0.1 - Gig0/0.2</P><P>changeto context A</P><P>interface G0/0.1</P><P>security-level 100</P><P>nameif inside</P><P>ip add 10.10.10.1 255.255.255.0</P><P>interface G0/0.2</P><P>security-level 0</P><P>nameif outside</P><P>access-list TEST-ACL permit ip 10.10.10.0 255.255.255.0 any</P><P>access-list TEST-ACL2 permit ip any host 10.10.10.10</P><P>access-group TEST-ACL in interface inside</P><P>access-group TEST-ACL2 in interface outside</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Sat, 28 Mar 2015 20:47:32 GMT https://community.cisco.com/t5/network-security/multiple-subinterfaces-on-same-context/m-p/2660238#M195548 Marius Gunnerud 2015-03-28T20:47:32Z https://community.cisco.com/t5/network-security/multiple-subinterfaces-on-same-context/m-p/2660239#M195549 <P>That's pretty much what&nbsp; I was looking for, but I can have several vlans on the the inside interface on the same context right? And then I can block traffic between those vlans with access rules on the same context?</P><P>&nbsp;</P> Mon, 30 Mar 2015 14:16:36 GMT https://community.cisco.com/t5/network-security/multiple-subinterfaces-on-same-context/m-p/2660239#M195549 christopher.wood 2015-03-30T14:16:36Z https://community.cisco.com/t5/network-security/multiple-subinterfaces-on-same-context/m-p/2660240#M195550 <P>That is correct for both questions.</P><P>__</P><P>Please remember to select a correct answer and rate helpful posts&nbsp;</P> Mon, 30 Mar 2015 15:37:56 GMT https://community.cisco.com/t5/network-security/multiple-subinterfaces-on-same-context/m-p/2660240#M195550 Marius Gunnerud 2015-03-30T15:37:56Z