cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
483
Views
0
Helpful
2
Replies

Reconfigure ASA interface to make it trunk, Impact on SFR module

Hello,

 

I have an ASA Firewall with SFR capabilities that has 2 routed interfaces: Inside and Outside. I need to reconfigure the physical inside interface, make it trunk and create 2 subinterfaces: one will be the previously inside interface and add a new "inside2".

 

If I do that, will that ASA topology change be reflected on the SFR module instantly (under Device Management->Device->Interface?

 

The SFR module is managed by an FMC appliance.

 

The Firewall is in production currently and the change will be done during a maintenance window as the physical interface reconfiguration will cause an outage.

2 Replies 2

johnd2310
Collaborator
Collaborator

Hi,

 

How are you forwarding the traffic to the SFR module? Reconfigure your interface and re-apply the service-policy for the SFR traffic to the required interfaces.

 

Thanks

John

**Please rate posts you find helpful**

Hello,

 

thanks for the reply.

 

I am using an ACL to redirect traffic to the module.

 

So after I make all the changes on the ASA interface, I would have to push policy. By doing this the new ASA interface will show up under the Device configuration (in FMC)? If yes, I guess then I will have to make the appropriate Security Zone/ASA interface associations and push policy again?

 

PS: since the Layer 3 configuration from the inside interface will be moved from the physical interface to a sub-interface, will the Security Zone/ASA interface association be updated once I do the first policy push?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: