08-03-2018 08:03 AM - edited 03-05-2019 10:49 AM
I have a simple network configuration ISP==>Router==>ASA==>L3 Core. I am trying to add another link from my router to my ASA for DMZ and a secondary ISP. I do not want to add physical links as I would have to purchase another NIM for my router. In order to simply uses the current physical topology, do I simply create sub interfaces between my router and ASA? Example
Router Gi0/0.10 ==ASA Gi1/1.10 vlan 10
Router Gi0/0.20 ==ASA Gi1/1.10 vlan 20
Router Gi0/0.30 ==ASA Gi1/1.10 vlan 30
Is there any downsides and/or security concerns to using sub-interfaces for this kind of topology. Also, is there any better way of handling this kind of topology without the need for additional physical ports?
Solved! Go to Solution.
08-03-2018 08:08 AM
For sure, vlan and subinterface is a good and flexible solution.
If your asa supports context, you can consider to use a virtual context for the new link. In this way you can have a virtual dedicated firewall.
About security, you can use ACL on your subinterface.
Regards.
08-03-2018 08:08 AM
For sure, vlan and subinterface is a good and flexible solution.
If your asa supports context, you can consider to use a virtual context for the new link. In this way you can have a virtual dedicated firewall.
About security, you can use ACL on your subinterface.
Regards.
08-03-2018 03:29 PM
Thanks for the quick reply. Context would be over kill for what I'm trying to do. I think the sub-interface route is the way I'll go.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide