https://community.cisco.com/t5/network-security/asa-questions/m-p/849652#M956956 <P>Hi,</P><P></P><P>I have a setup with 1 ASA5520 with 4 interfaces. I need to connect 2 core switches (Cat65xx) to two of the interfaces, while another 2 interfaces goes to the internet router and the dmz respectively. The core switches are running in a redundant topology setup, and the 2 links to the firewall are supposed to be running simultaneously (ASA running in routed mode, the 2 internal links are routed links). </P><P></P><P>My question is:</P><P>Can i use 1 of the network port on the ASA and set it up as a trunked link with 2-3 vlans? All the hosts in those vlans will be forced to use the ASA as its default gateway. </P><P></P><P>thanks</P><P>w</P><P></P><P></P> Mon, 11 Mar 2019 11:48:47 GMT wkw 2019-03-11T11:48:47Z https://community.cisco.com/t5/network-security/asa-questions/m-p/849652#M956956 <P>Hi,</P><P></P><P>I have a setup with 1 ASA5520 with 4 interfaces. I need to connect 2 core switches (Cat65xx) to two of the interfaces, while another 2 interfaces goes to the internet router and the dmz respectively. The core switches are running in a redundant topology setup, and the 2 links to the firewall are supposed to be running simultaneously (ASA running in routed mode, the 2 internal links are routed links). </P><P></P><P>My question is:</P><P>Can i use 1 of the network port on the ASA and set it up as a trunked link with 2-3 vlans? All the hosts in those vlans will be forced to use the ASA as its default gateway. </P><P></P><P>thanks</P><P>w</P><P></P><P></P> Mon, 11 Mar 2019 11:48:47 GMT https://community.cisco.com/t5/network-security/asa-questions/m-p/849652#M956956 wkw 2019-03-11T11:48:47Z https://community.cisco.com/t5/network-security/asa-questions/m-p/849653#M956958 <HTML><HEAD></HEAD><BODY><P>you can create subinterfaces on the ASA as follows:</P><P>int eth0/2</P><P> no shut</P><P>int eth0/2.100</P><P> vlan 100</P><P>int eth0/2.200</P><P> vlan 200</P><P>int eth0/2.300</P><P> vlan 300</P><P></P><P>....</P><P>that's just an example. the subinterface number does not have to be the same as the vlan, but it helps making the config more readable.</P><P>It will then use dot1q on this connection for VLAN tagging. the physical interface (in this case, eth0/2) passes untagged traffic, only if you apply the nameif command.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html</A></P><P></P><P>..for more details</P></BODY></HTML> Wed, 16 Jan 2008 04:57:43 GMT https://community.cisco.com/t5/network-security/asa-questions/m-p/849653#M956958 srue 2008-01-16T04:57:43Z