Trunking problem in ASA 5520

nachete1979 · ‎12-12-2007

Hello all,

I am trying to install a new ASA appliance in the position of a PIX 515E. Everything is the same but I have decided to configure all DMZs in the same Gigabit interface via VLANs.

The problem is that when everything is connected, i have no problem with outside nor inside part, but DMZs (3 subinterfaces) appears not connected when trying a sh route.

There is a 3750 stack before the ASA, where i have configured a trunk port for this DMZs.

Any ideas?

Thanks very much in advance

Cheers!

JORGE RODRIGUEZ · ‎12-12-2007

Do you have any hosts devices connected to any of these dmz subnets in the switch, also if you do show interfaces on asa it will should all interfaces status including subinterfaces. Show route will show routing entries on asa but not interfaces status.. try that.

Rgds

Jorge

Jorge Rodriguez

nachete1979 · ‎12-12-2007

Thanks Jorge,

I have tried and everything looked ok. But later on i tried to configure the physical interface in order to pass untagged traffic and then it worked.

It seems that it is not true what the oficial guide explains about subinterfaces configuration.

It only works if the physicar interfaces has configured a nameif and a security level (below security than the subinterfaces)

pplsi · ‎12-26-2007

I have subif as well. I have the physical interface enabled but not named. I also have no security level on it.

I actually have 2 sub interfaces and they work fine. I'm using the ASA 5550 with the 8 code.