07-31-2012 06:18 AM - edited 03-11-2019 04:36 PM
Hi Guys
On the ASA running the 8.4.4.1 code in transparent mode.
Can I create sub interfaces in different vlans and attach them to different BVI groups?
switch---trunk---ASA---Trunk---switch
Gig0/1.1 vlan 100 bridge-gr1 Gig0/2.1 vlan 101 bridge-gr1
Gig0/1.2 vlan 200 bridge-gr2 Gig0/2.2 vlan 201 bridge-gr2
Is this possible?
Thanks
08-01-2012 02:19 AM
Hi,
i think this possible... but you to make sure that asa generates automatic new mac address for those interfaces and you to allow "same-security-traffic"
do rate if helpful
08-01-2012 03:00 AM
Hi,
Yes you can do that. Please refer the below mentioned guide for better understanding.
Please do rate if the given information helps.
By
Karthik
08-01-2012 03:22 AM
Thanks Guys
What I am trying to figure out is whether the ASA will forward traffic properly.
The documentation seems to suggest that BVI’s are tied to physical interfaces not logical interfaces.
Nitesh I thought the auto-mac was just for ASA’s in multiple context mode.
08-01-2012 03:27 AM
my mistake about the mac address..
may i ask why you want to use logical interface and that even in transparent mode??
what are you trying to achieve?
08-01-2012 03:34 AM
Hi Nitesh
I have a existing client network that I cannot change.
I need to find a way to protect a segment with changing address.
08-01-2012 03:41 AM
are you planning to deploy the firewall at the perimeter??
Transparent FW is good but you will need to configure alot of rules and then you wont be getting the features of VPN and other benefits.
What is your plan?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide