I have an ASA5520 (8.2 version of firmware) whose physical ports are all taken. I want to add a subinterface, but I believe I have set it up incorrectly:

interface GigabitEthernet0/0

description Ethernet to 2800 router (internet gateway)

speed 1000

duplex full

nameif outside

security-level 0

ip address 106.x.x.50 255.255.255.248

!

interface GigabitEthernet0/1

description Ethernet to 3750 switch for admin 207

speed 1000

duplex full             

nameif admin

security-level 96

ip address 96.x.x.1 255.255.255.0

!

interface GigabitEthernet0/1.60

vlan 60

nameif vlan60

security-level 100

ip address 192.168.1.10 255.255.0.0

!

interface GigabitEthernet0/2

description Ethernet to 3750 switch for student 10

speed 1000

duplex full

nameif inside

security-level 75

ip address 10.0.0.10 255.0.0.0

!

interface GigabitEthernet0/3

description Ethernet to 3750 switch for admin 63

speed 1000

duplex full

nameif Admin2

security-level 98          

ip address 109.x.x.1 255.255.255.0

interface GigabitEthernet0/0

description Ethernet to 2800 router (internet gateway)

speed 1000

duplex full

nameif outside

security-level 0

ip address 106.x.x.50 255.255.255.248

!

interface GigabitEthernet0/1

description Ethernet to 3750 switch for admin 207

speed 1000

duplex full             

nameif admin

security-level 96

ip address 96.x.x.1 255.255.255.0

!

interface GigabitEthernet0/1.60

vlan 60

nameif vlan60

security-level 100

ip address 192.168.1.10 255.255.0.0

!

interface GigabitEthernet0/2

description Ethernet to 3750 switch for student 10

speed 1000

duplex full

nameif inside

security-level 75

ip address 10.0.0.10 255.0.0.0

!

interface GigabitEthernet0/3

description Ethernet to 3750 switch for admin 63

speed 1000

duplex full

nameif Admin2

security-level 98          

ip address 109.x.x.1 255.255.255.0

------------------------------------------------------------------------

Gi0/1.60 is the int I added. I believe that I have to remove the IP address from the physical interface (gi0/1) before I assign IP addresses to subinterfaces- can anyone confirm this? I suppose if I have to do that, I will have to add a separate subinterface to accomodate the already existing 96.x.x.1 net. If that notion is correct, and I do that, I should be able to ping from any device assigned to VLAN 60 to any device belonging to a VLAN in a lower security-level interface, correct?