Assigning Vlans To The Asa Services Module - Cisco ASA Series Cli Configuration Manual

Assigning VLANs to the ASA Services Module

Assigning VLANs to the ASA Services Module
This section describes how to assign VLANs to the ASASM. The ASASM does not include any external
physical interfaces. Instead, it uses VLAN interfaces. Assigning VLANs to the ASASM is similar to
assigning a VLAN to a switch port; the ASASM includes an internal interface to the Switch Fabric
Module (if present) or the shared bus.
Prerequisites
See the switch documentation for information about adding VLANs to the switch and assigning them to
switch ports.
Guidelines
•
•
•
•
•
Cisco ASA Series ASDM Configuration Guide
1-4
You can assign up to 16 firewall VLAN groups to each ASASM. (You can create more than 16
VLAN groups in Cisco IOS software, but only 16 can be assigned per ASASM.) For example, you
can assign all the VLANs to one group; or you can create an inside group and an outside group; or
you can create a group for each customer.
There is no limit on the number of VLANs per group, but the ASASM can only use VLANs up to
the ASASM system limit (see the ASASM licensing documentation for more information).
You cannot assign the same VLAN to multiple firewall groups.
You can assign a single firewall group to multiple ASASMs. VLANs that you want to assign to
multiple ASASMs, for example, can reside in a separate group from VLANs that are unique to each
ASASM.
See the "VLAN Guidelines and Limitations" section on page
Chapter 1 Configuring the Switch for Use with the ASA Services Module
1-2.