Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
234
Views
0
Helpful
2
Replies

Issue configuring multiple ISPs under subinterfaces

Stephen Fung
Level 1
Level 1

‎04-25-2017 09:39 AM - edited ‎03-12-2019 02:16 AM

Hi guys,

Background: 2 Cisco 2911 for two ISPs -> two physical ports on a Cisco 2960 switch -> a single port on ASA5520

I am running out of ports on a the ASA so I am thinking if i could do this the following way:

----------------------------
ON ASA
----------------------------

interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description ISP1
encapsulation dot1Q 1
nameif OUTSIDE
ip address 202.X.X.100 255.255.255.0
!
interface GigabitEthernet0/1.11
description ISP2
encapsulation dot1Q 11
nameif OUTSIDE11
ip address 102.X.X.100 255.255.255.0
!

---------------------------
ON SWITCH
---------------------------

interface GigabitEthernet1/0/1
description to ASA GE01
switchport trunk allowed vlan 1,11
switchport mode trunk
!
interface GigabitEthernet1/0/10
description ISP1
switchport mode access
switchport access vlan 1
!
interface GigabitEthernet1/0/20
description ISP2
switchport mode access
switchport access vlan 11
!
interface vlan 1
ip address 202.X.X.99 255.255.255.0
!
interface vlan 11
ip address 102.X.X.99 255.255.255.0
!

However, I am not able to ping each other after configuring the vlans and the subinterfaces.

Any comment would be appreciated.

Thanks,
Stephen

Labels:
0 Helpful
2 Replies 2

Ajay Saini
Level 7
Level 7

‎04-25-2017 11:04 AM

On Cisco ASA, the subinterface should have 'vlan x' parameter. Could you please try not add the config as per below example and test:

interface GigabitEthernet0/0

no shut

interface GigabitEthernet0/0.100

vlan 100

nameif inside

security-level 100

ip add 10.10.10.1 255.255.255.0 standby 10.10.10.2

interface GigabitEthernet0/0.200

vlan 200

nameif dmz

security-level 50

ip add 192.168.10.1 255.255.255.0 standby 192.168.10.2

Please update the post once you have the results.

-

AJ

0 Helpful

cofee
Level 5
Level 5
In response to Ajay Saini

‎04-25-2017 06:31 PM

As AJ mentioned the vlan syntax under ASA sub interfaces appear to be incorrect. Can you Ping SVIs locally from the switch? If not make sure that both SVIs are up up "sh ip int brief". Is there a specific reason that you created SVIs for both vlans on your edge switch? 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top