Sun-interfaces

Chad Campbell · ‎08-21-2015

Hey guys,

I am trying to consolidate 2 different firewalls into another ASA 5520 active/standby firewall, and only have 1 interface available, I wanted to make sure that I can use sub-interface for site-to-site VPN, anyconnect, and also another sub-if for outside traffic?

Is this possible, is it a good idea? I have 2 maybe 3 different public IPs but from the same subnet. What route should I go with this? Is it best practice to use the same IP for LAN outside traffic and VPN site to site/anyconnect?

joseoroz · ‎08-21-2015

Hello Chad,

These are the answers to your questions:

I am trying to consolidate 2 different firewalls into another ASA 5520 active/standby firewall, and only have 1 interface available, I wanted to make sure that I can use sub-interface for site-to-site VPN, anyconnect, and also another sub-if for outside traffic?

-I don't see any limitation other than using the physical and sub interface on the same interface with VPN. Meanwhile both are sub interfaces its supposed to work.

Is this possible, is it a good idea? I have 2 maybe 3 different public IPs but from the same subnet. What route should I go with this? Is it best practice to use the same IP for LAN outside traffic and VPN site to site/anyconnect?

-It is possible. I wouldn't say that is recommended but it should be possible. Now for VPN you should use the IP on the interface so I don't see any difference between that and using a separate physical interface.

Kind regards,

Jose Orozco.