09-27-2017 08:45 AM - edited 03-08-2019 12:11 PM
09-27-2017 09:29 AM
In the newer model of ASA (5506x) Cisco has eliminated vlans. You can use sub-interfaces or if that is not an option for you, you connect the end devices to a switch and than connect the switch to the firewall.
HTH
09-27-2017 11:32 AM
09-27-2017 12:06 PM - edited 09-27-2017 12:14 PM
Hi
Yes, your configuration will work fine, it is known as sub-interface vlan. Check the license to get the amount of interface vlans you want. Cisco 5506X is the evolution of 5505.
It works like Router in a Stick scheme.
The config should be like:
interface GigabitEthernet1/1.2
vlan 2
nameif INSIDE
security-level 0
ip address 209.156.159.114 255.255.255.248
no shutdown
09-27-2017 12:31 PM
Hi,
Yes, the sub-interfacec config will work as long as you are only connecting one device to that interface, meaning all the end devices connect to some sort of switch or hub and than that device connects to the firewall. If you are actually using a switch or hub you don't even need a sub-interface. A regular layer-3 interface will work fine but it is best practice to use a sub-interface.
HTH
09-28-2017 02:48 AM
Thank you for this.
I have configured this as below:
interface GigabitEthernet1/2
no nameif
no security-level
no ip address
interface GigabitEthernet1/2.1
vlan 1
nameif INSIDE
security-level 100
ip address 192.168.15.1 255.255.255.0
!
interface GigabitEthernet1/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3.2
vlan 2
nameif OUTSIDE
security-level 0
ip address 209.x.x.x 255.255.255.248
See attached, the box where it says laptop should read switch
09-28-2017 06:03 AM - edited 09-28-2017 06:04 AM
Hi
That is correct, it will work, but remember if you are using sub-interfaces, you should have a trunk on the switche connected to the Firewall, and the same on the OUTSIDE interface, the provider should have a Trunk or a router using sub interfaces as well.
:-)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide