– Don’t forget to enable physical interfaces (e0/0, e0/1, e0/2)
– Create sub-interface and assign VLAN to sub-interface and make sure switch port is in trunking mode. The native (untagged) VLAN of the trunk connection maps to the physical interface, and it cannot be assigned to a sub-interface.
ASA03-5510#interface Ethernet0/3
nameif INSIDE
security-level 0
ip address 136.1.93.17 255.255.255.0
ASA03-5510#interface Ethernet0/0.34
vlan 34
nameif outside
security-level 100
ip address 136.1.34.17 255.255.255.0
ASA03-5510# sh nameif
Interface Name Security
Ethernet0/0.34 outside 100
Ethernet0/3 INSIDE 0
ASA03-5510# sh ip address
System IP Addresses:
Interface Name IP address Subnet mask Method
Ethernet0/0.34 outside 136.1.34.17 255.255.255.0 manual
Ethernet0/3 INSIDE 136.1.93.17 255.255.255.0 manual
Current IP Addresses:
Interface Name IP address Subnet mask Method
Ethernet0/0.34 outside 136.1.34.17 255.255.255.0 manual
Ethernet0/3 INSIDE 136.1.93.17 255.255.255.0 manual
ASA03-5510#
ASA3# show conn
enable logging on ASA:
#logging on
#logging console 7
– Switch configurations:
interface FastEthernet0/13 interface FastEthernet0/14
description ASA03 0/3 description ASA04 0/3
switchport access vlan 93 switchport trunk allowed vlan 34
switchport mode access switchport mode trunk
spanning-tree portfast
CCIE Security Blog 