
Help configuring ASA 5505 as a backup of 5510

marianares0001

Hi,

I am trying to configure an ASA 5505 as a backup of an ASA 5510, and I am having problems translating the subinterfaces on the 5510 into a VLAN configuration for the 5505. I am even wondering whether it is possible to make a configuration that works the same on the 5505.

The 5510 configuration is:

interface Ethernet0/0
 nameif LAN1
 security-level 100
 ip address 172.16.2.2 255.255.255.0
!
interface Ethernet0/0.4
 vlan 4
 nameif LAN2
 security-level 100
 ip address 10.0.4.5 255.255.255.252
!
interface Ethernet0/0.10
 vlan 10
 nameif LAN3
 security-level 100
 ip address 10.0.10.5 255.255.255.252

I would appreciate it if anybody could help me with this matter.

Thanks



FrOg Lee
Provide output of ASA5505
sh ver

Sh ver 5505:

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 7.1(1)

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

ASA-fwl up 52 secs

Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

 0: Int: Internal-Data0/0    : address is f07f.06b7.0a35, irq 11
 1: Ext: Ethernet0/0         : address is f07f.06b7.0a2d, irq 255
 2: Ext: Ethernet0/1         : address is f07f.06b7.0a2e, irq 255
 3: Ext: Ethernet0/2         : address is f07f.06b7.0a2f, irq 255
 4: Ext: Ethernet0/3         : address is f07f.06b7.0a30, irq 255
 5: Ext: Ethernet0/4         : address is f07f.06b7.0a31, irq 255
 6: Ext: Ethernet0/5         : address is f07f.06b7.0a32, irq 255
 7: Ext: Ethernet0/6         : address is f07f.06b7.0a33, irq 255
 8: Ext: Ethernet0/7         : address is f07f.06b7.0a34, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces    : 8
VLANs                          : 3, DMZ Restricted
Inside Hosts                   : Unlimited
Failover                       : Disabled
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
SSL VPN Peers                  : 2
Total VPN Peers                : 10
Dual ISPs                      : Disabled
VLAN Trunk Ports               : 0
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has a Base license.

Serial Number: JMX1840Z0B2
Running Activation Key: 0xb108d352 0xf4ffb5cd 0xd0a34524 0xb264d084 0x81293096
Configuration register is 0x1
Configuration has not been modified since last system restart.

sh ver 5510:

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 7.3(1)101

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

ASA-fwl up 290 days 3 hours

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1599 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

 0: Ext: Ethernet0/0         : address is 001e.1359.36ec, irq 9
 1: Ext: Ethernet0/1         : address is 001e.1359.36ed, irq 9
 2: Ext: Ethernet0/2         : address is 001e.1359.36ee, irq 9
 3: Ext: Ethernet0/3         : address is 001e.1359.36ef, irq 9
 4: Ext: Management0/0       : address is 001e.1359.36eb, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 50
Inside Hosts                   : Unlimited
Failover                       : Disabled
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 0
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has a Base license.

Thanks

Asa 5505 output
<skipped>
VLAN Trunk Ports               : 0
<skipped>

In this case you need Security Plus License as I understand.

Thanks for your response.

If you don't have trouble with licenses, you may try

hostname(config)# interface vlan 1
hostname(config-if)# nameif LAN1
hostname(config-if)# security-level 100
hostname(config-if)# ip address 172.16.2.1 255.255.255.0
hostname(config-if)# no shutdown
hostname(config-if)# interface vlan 4
hostname(config-if)# nameif LAN2
hostname(config-if)# security-level 100
hostname(config-if)# ip address 10.0.4.6 255.255.255.252
hostname(config-if)# no shutdown
hostname(config-if)# interface vlan 10
hostname(config-if)# nameif LAN3
hostname(config-if)# security-level 100
hostname(config-if)# ip address 10.0.10.6 255.255.255.252
hostname(config-if)# interface ethernet 0/1
hostname(config-if)# switchport mode trunk
hostname(config-if)# switchport trunk allowed vlan 4,10
hostname(config-if)# switchport trunk native vlan 1

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/interface_start_5505.html
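The license check this thread arrives at can be run before any configuration is pasted into the 5505. The following is an added example, not part of the original posts or Cisco's tooling: it reads the 5510 interface stanzas and the 5505 licensed-feature lines quoted above and reports what the license blocks. The function names and blocker labels are hypothetical, and it assumes the 5505 attaches to the same 802.1Q link that carries the 5510 subinterfaces.

```python
import re

# Constructed inputs: the 5510 stanzas and the 5505 license lines quoted in this thread.
ASA5510_CONFIG = """\
interface Ethernet0/0
 nameif LAN1
 security-level 100
 ip address 172.16.2.2 255.255.255.0
!
interface Ethernet0/0.4
 vlan 4
 nameif LAN2
!
interface Ethernet0/0.10
 vlan 10
 nameif LAN3
"""
ASA5505_LICENSE = """\
VLANs                          : 3, DMZ Restricted
VLAN Trunk Ports               : 0
"""

def parse_interfaces(config):
    """Return one dict per interface stanza; 'vlan' stays None when untagged."""
    stanzas = []
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            stanzas.append({"name": m.group(1), "vlan": None, "nameif": None})
        elif stanzas and (m := re.match(r"\s+(vlan|nameif) (\S+)", line)):
            stanzas[-1][m.group(1)] = m.group(2)
    return stanzas

def license_blockers(config, show_version):
    """Compare what the source config needs with the target's licensed features."""
    feats = dict(re.findall(r"^(.+?)[ \t]*:[ \t]*(.+?)[ \t]*$", show_version, re.M))
    named = [i for i in parse_interfaces(config) if i["nameif"]]
    # Assumption: tagged subinterfaces share one 802.1Q link per parent port,
    # so each parent port needs a trunk port on the 5505.
    parents = {i["name"].split(".")[0] for i in named if i["vlan"]}
    blockers = []
    if len(parents) > int(feats["VLAN Trunk Ports"]):
        blockers.append("trunk")
    vlan_limit = int(feats["VLANs"].split(",")[0])
    if len(named) > vlan_limit:
        blockers.append("vlan-count")
    elif "DMZ Restricted" in feats["VLANs"] and len(named) == vlan_limit:
        # Base license: the third VLAN may initiate traffic to only one other VLAN.
        blockers.append("dmz-restricted")
    return blockers

if __name__ == "__main__":
    print(license_blockers(ASA5510_CONFIG, ASA5505_LICENSE))
```

The "dmz-restricted" result matters for a backup unit: all three interfaces here are security-level 100 on the 5510, and a restricted third VLAN will not forward traffic the same way even once trunking is licensed.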

Thanks, I will try with that configuration after I upgrade the license.
