Monday, December 17, 2018

Cisco ASA 5512x: how to configure trunk on portchannel

I'm new to ASAs but I have been reading up on them and lab testing. I want to bundle 5 ports on the ASA5512x and connect to our access switch (an L2/L3 switch) for the sole purpose of setting up AnyConnect VPN. The access switch has a trunk interface that connects to the distribution switch, which has all the SVIs for the VLANs; there are also ACLs applied on the SVIs. So doesn't that mean I will create 2 logical interfaces on the ASA, one for outside users to connect to the VPN and the other to act as the gateway for VPN users after they connect and get an IP from the VPN pool? I've bundled all 6 ports, and it's connected to the access switch (the port channel is L3).

ASA port channel:

```
interface Port-channel1
 lacp max-bundle 8
 no nameif
 no security-level
 no ip address
```

Switch:

```
6800x-lab#sh run int po1
Building configuration...

Current configuration : 46 bytes
!
interface Port-channel1
 no ip address
end

6800x-lab(config)#int po1
6800x-lab(config-if)#swi
6800x-lab(config-if)#switchport
Cannot convert Po1 to L2, remove port(s) from port-channel.
Command rejected: Not a convertible port.
```

As you can see, I cannot make the port channel a layer 2 port channel. Or do I even have to? I also want to create the logical interfaces (VPN outside and inside interfaces). Do I need to make subinterfaces from the port channel, or do I configure SVIs?


