I am working for a client today whom has a legacy ASA 5510 platform. I am configuring sub interfaces on the interfaces on the appliance.
Do the subinterfaces that I create inheret the security level of the parent physical interface? In other words, if I have G0/2 physical interface on the ASA set to a security level of 99, will all of the subinterfaces underneath of that physical interface inheret the security level configured on the physical interface?
On this case, once you have created the sub-interfaces you will have to get into each of them and add the security level, the physical interface won't inheret that configuration to the sub interfaces.
Let me know if you have another question!
Please don't forget to rate and mark as correct the helpful post!
So does that mean that I will have to not have a Security level on the physical? Is this like the IP address being on a subinterface and therefore IP's are not tacked up to the physical?
Also is it an option to have several sub-interfaces with the same security level of 100? I ask this because these will all be inside interfaces for different vlans...
That's correct - the physical parent interface does not have a nameif, IP address or security level (either explicit or derived).
Your subinterfaces can be any mix of security levels - all the same, all different or however you need.