Cisco ASA - VLAN on outside interface

Discussion in 'Networking & Security' started by Jay_2, Mar 20, 2015.

  1. Jay_2

    Hi,

    A quick question: why is a VLAN created on the outside interface rather than the settings and security level being assigned directly to the interface?
     
  2. thrash408

    What version and what model do you have? Are you talking about the 5505?
     
  3. MysticRyuujin

    I don't know. Why did you or your organization create a sub-interface?

    If your outside interface needs to support more than one VLAN, then you have to create sub-interfaces for those VLANs and apply policies to them... Maybe you want TCP port 80 allowed through on one VLAN but not on the other...

    The question "why" can only be answered by knowing your setup and your requirements. If you figure those out, you'll figure out why...
     
  4. tangoseal

    You said enough by ending there.
     
  5. Jay_2

    Yes, 5505. I see lots of boilerplate configs this way and was just wondering why.

    Thanks for your help.
     
    Last edited: Mar 21, 2015
  6. Jay_2

    I have looked into this a bit more and the only reason I can see that this is done is so you can easily move the config of the interface to another interface.