We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 637 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

367 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,


Forum Replies

  1. Question:

    Why I can not create sub-interfaces if I have the security plus license?
    Maximum Physical Interfaces : 8 perpetual
    VLANs : 20 DMZ Unrestricted
    Dual ISPs : Enabled perpetual
    VLAN Trunk Ports : 8 perpetual
    Inside Hosts : Unlimited perpetual
    Failover : Active/Standby perpetual
    VPN-DES : Enabled perpetual
    VPN-3DES-AES : Enabled

    ... Continue reading in our forum

  2. Hi Mark,

    By default, all traffic from a higher security level (OUTSIDE) to a lower security level (INSIDE) will be dropped. The only thing you have to do is to create an access-list and permit the traffic you want. Take a look at this example:

    https://networklessons.com/cisco/asa-firewall/cisco-asa-access-list/

    Look for the “Permit Traffic to DMZ” section. Instead of the DMZ, it will be INSIDE for you.

    The ASA will use regular routing to select the egress interface. Let’s say you have an INSIDE gi0/1.10 sub-interface with IP address 192.168.1.254/24 on it. If

    ... Continue reading in our forum

  3. Hi there again

    I have my inside VLANS working a treat on sub interfaces - thanks for all the advice.

    What I cannot get working are multiple sub-interfaces on the outside interface. This is my (basic) config that works:

    ----------
    interface GigabitEthernet1/1
    description WAN
    nameif OUTSIDE
    security-level 0
    ip address 95.80.38.209 255.255.255.128
    no shut
    !
    interface GigabitEthernet1/2
    no ip address
    no nameif
    no security-level
    no shut
    !
    interface GigabitEthernet1/2.60
    description LAN60
    vlan 60
    nameif INSIDE60
    security-level 100
    ip address 192.168.60.1 255.255.255

    ... Continue reading in our forum

  4. Hi Rene,

    I’m a newbie in need of config help involving a catalyst 4500x and ASA5512X.
    I will be managing 4500x that is connected to my DataCenter provider’s ASA 5512x.

    Here are the details:
    All internal routing is done on the 4500x.
    Inter VLAN on the switch (VLAN 500, VLAN 69, VLAN xxx, VLAN xxy)

    VLAN 500 - 4500x TE1/1/17 <==> ASA Ge0/1 (Primary) and 4500x TE2/1/17 <==> ASA Ge0/1 (Secondary).
    -- 10.10.10.3 / 29

    4500x config:

    interface TenGigabitEthernet1/1/17
     switchport mode trunk
     switchport trunk allowed vlan 500
    
    interface TenGigabitEthernet2/1/17
     s
    ... Continue reading in our forum

  5. Hi Renee,

    The issue has been resolved .
    The problem was, as you pointed out, is the ASA’s next hop.
    I may add more vlans to between asa and 4500x that is why it was trunked.

    Thanks.

    -RON

35 more replies! Ask a question or join the discussion by visiting our Community Forum