https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098643#M915463 <HTML><HEAD></HEAD><BODY><P>yes, you will have to use subinterfaces on the firewall. Suppose you connect the trunk port on the L2 switch with e0/1 on the FW, then on the FW configure like this</P><P></P><P>hostname(config)# interface ethernet0/1.1</P><P>hostname(config-subif)# vlan 100</P><P>hostname(config-subif)# nameif inside100</P><P>hostname(config-subif)# security-level 100</P><P>hostname(config-subif)# ip address 192.168.1.1 255.255.255.0</P><P></P><P>hostname(config)# interface ethernet0/1.2</P><P>hostname(config-subif)# vlan 200</P><P>hostname(config-subif)# nameif inside200</P><P>hostname(config-subif)# security-level 100</P><P>hostname(config-subif)# ip address 192.168.2.1 255.255.255.0</P><P></P><P>hostname(config)# interface ethernet0/1.3</P><P>hostname(config-subif)# vlan 300</P><P>hostname(config-subif)# nameif inside300</P><P>hostname(config-subif)# security-level 100</P><P>hostname(config-subif)# ip address 192.168.3.1 255.255.255.0</P><P></P><P>and then for allowing communication between the subnets of these vlans use the command</P><P></P><P>hostname(config)# same-security-traffic permit inter-interface</P></BODY></HTML> Fri, 01 Aug 2008 08:14:24 GMT dhananjoy chowdhury 2008-08-01T08:14:24Z https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098642#M915462 <P>Hi,</P><P></P><P>What I am thinking to create three three V-lans on L2 switch like :-</P><P></P><P>1) Vlan-100</P><P>192.168.1.0/24</P><P>Int 1</P><P></P><P>2) Vlan-100</P><P>192.168.2.0/24</P><P>Int 2</P><P>3) Vlan-300</P><P>192.168.3.0/24</P><P>Int 3</P><P></P><P>Now one of the interface 4, want to use as a Trunk port which will be connect with directly FW. Now is it possible that all Vlan data go through the trunk port to FW to Internet. If it is then please show me a one example with configuration, if possible. Thanks.</P> Mon, 11 Mar 2019 13:24:12 GMT https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098642#M915462 nikuhappy2010 2019-03-11T13:24:12Z https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098643#M915463 <HTML><HEAD></HEAD><BODY><P>yes, you will have to use subinterfaces on the firewall. Suppose you connect the trunk port on the L2 switch with e0/1 on the FW, then on the FW configure like this</P><P></P><P>hostname(config)# interface ethernet0/1.1</P><P>hostname(config-subif)# vlan 100</P><P>hostname(config-subif)# nameif inside100</P><P>hostname(config-subif)# security-level 100</P><P>hostname(config-subif)# ip address 192.168.1.1 255.255.255.0</P><P></P><P>hostname(config)# interface ethernet0/1.2</P><P>hostname(config-subif)# vlan 200</P><P>hostname(config-subif)# nameif inside200</P><P>hostname(config-subif)# security-level 100</P><P>hostname(config-subif)# ip address 192.168.2.1 255.255.255.0</P><P></P><P>hostname(config)# interface ethernet0/1.3</P><P>hostname(config-subif)# vlan 300</P><P>hostname(config-subif)# nameif inside300</P><P>hostname(config-subif)# security-level 100</P><P>hostname(config-subif)# ip address 192.168.3.1 255.255.255.0</P><P></P><P>and then for allowing communication between the subnets of these vlans use the command</P><P></P><P>hostname(config)# same-security-traffic permit inter-interface</P></BODY></HTML> Fri, 01 Aug 2008 08:14:24 GMT https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098643#M915463 dhananjoy chowdhury 2008-08-01T08:14:24Z https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098644#M915464 <HTML><HEAD></HEAD><BODY><P>If I would need three V-lans configured on ASA three seperate Interfaces then why wud i need to make these v-lans on Switch. My question was that is it possible that the all V-Lans traffic go through switch int 4 which is connected with FW int/0 and FW int/0 to internet. In this case, i want to configure only one interface on FW. Thanks.</P></BODY></HTML> Fri, 01 Aug 2008 09:18:59 GMT https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098644#M915464 nikuhappy2010 2008-08-01T09:18:59Z https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098645#M915465 <HTML><HEAD></HEAD><BODY><P>If you see my previous post I have mentioned about Subinterfaces, which are created on a physical interface e0.</P><P>Alnd you are connecting only 1 cable from the switch to the FW (int 4 in your case) to the FW (int e0), for the three vlans.</P></BODY></HTML> Fri, 01 Aug 2008 11:03:03 GMT https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098645#M915465 dhananjoy chowdhury 2008-08-01T11:03:03Z https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098646#M915466 <HTML><HEAD></HEAD><BODY><P>Thanks:)</P></BODY></HTML> Fri, 01 Aug 2008 11:18:13 GMT https://community.cisco.com/t5/network-security/vlan-5505/m-p/1098646#M915466 nikuhappy2010 2008-08-01T11:18:13Z