Cisco ASA VLANs and Sub-Interfaces

Hi there again

I have my inside VLANs working a treat on sub-interfaces - thanks for all the advice.

What I cannot get working are multiple sub-interfaces on the outside interface. This is my (basic) config that works:

----------
interface GigabitEthernet1/1
description WAN
nameif OUTSIDE
security-level 0
ip address 95.80.38.209 255.255.255.128
no shut
!
interface GigabitEthernet1/2
no ip address
no nameif
no security-level
no shut
!
interface GigabitEthernet1/2.60
description LAN60
vlan 60
nameif INSIDE60
security-level 100
ip address 192.168.60.1 255.255.255.0
no shut
!
nat (INSIDE60,OUTSIDE) after-auto source dynamic any interface

route OUTSIDE 0.0.0.0 0.0.0.0 95.80.38.129

policy-map global_policy
class inspection_default
inspect icmp

----------

I can add multiple sub-interfaces on INSIDE and all stays working - I can ping the internet quite happily from the ASA and the devices on the inside VLANs.

However - if I use this configuration I run into trouble and nothing can see the internet:

----------
interface GigabitEthernet1/1
no ip address
no description
no nameif
no security-level
no shut
!
interface GigabitEthernet1/1.60
description WAN60
vlan 160
nameif OUTSIDE60
security-level 0
ip address 95.80.38.209 255.255.255.128
no shut
!
interface GigabitEthernet1/2
no ip address
no nameif
no security-level
no shut
!
interface GigabitEthernet1/2.60
description LAN60
vlan 60
nameif INSIDE60
security-level 100
ip address 192.168.60.1 255.255.255.0
no shut
!
nat (INSIDE60,OUTSIDE60) after-auto source dynamic any interface

route OUTSIDE60 0.0.0.0 0.0.0.0 95.80.38.129

policy-map global_policy
class inspection_default
inspect icmp

----------

I am thinking it may be a restriction on my actual device now (5508) and I may need a device that supports multiple security contexts and effectively have multiple virtual firewalls in 1 larger device/chassis. What do you think?