cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1048
Views
0
Helpful
7
Replies
saeedccie
Beginner

DMZ Sub interfaces into sub interface

Hi,

We have ASA FW 5010 in our organization and we have 4 DMZ's under the DMZ interface on ASA and all DMZ's are created on sub interfaces and assigned different VLANS on each DMZ's like

DMZ-1 = 172.20.1.x - VLAN 1000

DMZ-2 = 172.20.2.x - VLAN 1200

DMZ-3 = 172.20.3.x - VLAN 1300

DMZ-4 = 172.20.4.x - VLAN 1400

My question is:

Can we break sub interface (DMZ-4) into again another sub interface and assign another IP address like

DMZ-4 = 172.20.4.x

---------= 172.20.5.x

Means one VLAN has two IP addresses for gateway.

One thing more how many times we can break one interface into subinterfaces.

I hope my question is enough for understanding.

Regards,

Saeed

7 REPLIES 7
deyster94
Contributor

No, this is not a supported feature.

I think you can put 250 subinterfaces on a physical interface.

Thanks for the reply.

Can we break this feature on catalyst switches 2960 or 3560?

"Can we break this feature on catalyst switches 2960 or 3560?"

Answer is still no.

Hope that answers your question.

thanks

Rizwan Rafeek.

> Can we break this feature on catalyst switches 2960 or 3560?

You just want to have two IP-networks in one VLAN? If yes, that is possible on Routers and Switches with secondary IP-addresses. But the ASA doesn't support that.

Hi Saeed,

You can create sub interface for the sub interface... because virtual interfaces can be created on the physical interfaces...... But two ip segments for a single vlan is possible in L3 switches / Routers. I never tried it in firewalls....

Here is the example in L3 switch

interface Vlan100

ip address 10.0.0.4 255.255.255.0 secondary

ip address 10.2.2.4 255.255.254.0

no shut

!

Sorry... Small correction... You cannot create....

nkarthikeyan
Rising star

ASA 5510 supports max of 100 sub interfaces / vlans.....