Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
910
Views
4
Helpful
3
Replies

Security levels on Subinterfaces on the Adaptive Security Appliance

Kevin Melton
Level 2
Level 2

‎12-01-2014 12:20 PM - edited ‎02-21-2020 05:20 AM

Forum

I am working for a client today whom has a legacy ASA 5510 platform.  I am configuring sub interfaces on the interfaces on the appliance.

Do the subinterfaces that I create inheret the security level of the parent physical interface?  In other words, if I have G0/2 physical interface on the ASA set to a security level of 99, will all of the subinterfaces underneath of that physical interface inheret the security level configured on the physical interface?

 

Thank You!

 

 

0 Helpful
3 Replies 3

David Johan Castro Fernandez
Level 3
Level 3

‎12-01-2014 12:40 PM

Hello Kevin,

 

On this case, once you have created the sub-interfaces you will have to get into each of them and add the security level, the physical interface won't inheret that configuration to the sub interfaces.

 

Let me know if you have another question!

 

Please don't forget to rate and mark as correct the helpful post!

 

Regards,

 

David Castro,

Kevin Melton
Level 2
Level 2
In response to David Johan Castro Fernandez

‎12-01-2014 01:40 PM

Hi David

So does that mean that I will have to not have a Security level on the physical? Is this like the IP address being on a subinterface and therefore IP's are not tacked up to the physical?

Also is it an option to have several sub-interfaces with the same security level of 100?  I ask this because these will all be inside interfaces for different  vlans...

 

Thank You!

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Kevin Melton

‎12-01-2014 02:14 PM

That's correct - the physical parent interface does not have a nameif, IP address or security level (either explicit or derived).

Your subinterfaces can be any mix of security levels - all the same, all different or however you need.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card