10-28-2013 11:35 AM - edited 03-11-2019 07:56 PM
Hello Everyone
I have a new ASA 5512 which does not allow me to use VLANs like I did with the previous version. I have 3 interfaces: inside, outside and dmz. I want to add another unused interface to my DMZ network instead of uplinking my dmz interface to a switch. Before, I could create a VLAN for DMZ and then add the interfaces to that. How can I have multiple interfaces on the same network? I essentially want to make int gi0/3 into an access port on the dmz network.
Thanks in advance
10-28-2013 11:40 AM
Hi,
To my understanding the only Cisco firewalls that let you use VLAN interfaces are FWSM, ASASM and ASA5505 (which has a switch module unlike other ASA models). (I don't know about the ASA V1000 since I have never even seen one.)
I don't know that there is any way to bridge the ASA5500-X Series (or even the original series) physical interfaces. They are routed interfaces and not switchports.
- Jouni
10-28-2013 01:21 PM
Now that I think about it, the only one I have been able to do VLANs on and place multiple interfaces in that VLAN is the 5505. I saw an article talking about bridge-groups. It did not really apply to what I am doing but left me wondering if that is something that could accomplish the same thing.
When I do a show ver it says unlimited VLANs. But it sounds like you cannot really do anything with them.
Thanks
10-28-2013 02:35 PM
Hi,
To my understanding you won't be able to have 2 interfaces be part of the same subnet since all the ports are router/routed ports instead of switch ports.
You can configure a physical interface as a Trunk and configure the required VLANs on that Trunk. You can also configure an Etherchannel/Port-channel of multiple interfaces and use it as a Trunk (which would be the more logical choice with the new ASA5500-X series as they have better performance/throughput than the original ASA series).
We have actually run out of allocated Vlan interfaces on an FWSM once. The device had so many virtual firewalls (Security Contexts) that we reached the 1000 interface cap on the device.
- Jouni
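The trunk-on-EtherChannel approach from the reply above, as an added configuration sketch that is not part of the original posts. The member interfaces, port-channel number, VLAN ID 30, security level and the 192.0.2.0/24 address are constructed placeholders.

```cisco
! Assumed layout: Gi0/2 and Gi0/3 are bundled towards one switch,
! and the DMZ lives in VLAN 30 (all values are placeholders).
!
! Member interfaces: no nameif, no IP address, only the bundle membership.
interface GigabitEthernet0/2
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet0/3
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
 no shutdown
!
! The port-channel itself is the 802.1Q trunk and stays unnamed, so
! untagged frames arriving on it are not handed to any security zone.
interface Port-channel1
 no nameif
 no security-level
 no ip address
!
! One routed subinterface per VLAN; this one is the DMZ gateway.
interface Port-channel1.30
 vlan 30
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
! Further zones are added the same way, each with its own VLAN ID,
! nameif and subnet, e.g. Port-channel1.40 with "vlan 40".
```

The ASA ports stay routed interfaces here, so the access ports for DMZ hosts are provided by the attached switch, which must carry VLAN 30 tagged on a matching LACP bundle. Each subinterface is a separate zone, so traffic between VLANs on the trunk still passes through the firewall's access rules.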