
Cisco Security: Cisco ASA 5505 Interfaces configuration for Trunk Port

Today I am going to talk about the basic Cisco ASA configuration of trunk ports and also how to configure that Cisco ASA with a failover link. We are placing two ASAs, one as the primary and the other as the failover ASA, in the DMZ zone.

Now let's talk about the basic Cisco ASA configuration for the trunk port. Below is the basic topology showing the Cisco ASA placed in the enterprise network. The configurations, IP addresses and topology shown here are for demo purposes only and have no relevance to any real enterprise network.


Fig 1.1-Cisco ASA in Failover Scenario

The example below is a basic Cisco ASA trunk-port example in which we configure seven VLAN interfaces, including the failover interface, which is configured with the failover lan command. VLANs 20, 21, and 22 are trunked on Ethernet 1/1.

VLAN 10 Configurations
NDNA_asa(config)# interface vlan 10
NDNA_asa(config-if)# nameif outside
NDNA_asa(config-if)# security-level 0
NDNA_asa(config-if)# ip address 10.1.1.1 255.255.255.0
NDNA_asa(config-if)# no shutdown

VLAN 20 Configurations
NDNA_asa(config-if)# interface vlan 20
NDNA_asa(config-if)# nameif inside
NDNA_asa(config-if)# security-level 100
NDNA_asa(config-if)# ip address 10.2.1.1 255.255.255.0
NDNA_asa(config-if)# no shutdown 

VLAN 21 Configurations
NDNA_asa(config-if)# interface vlan 21
NDNA_asa(config-if)# nameif dept1
NDNA_asa(config-if)# security-level 90
NDNA_asa(config-if)# ip address 10.2.2.1 255.255.255.0
NDNA_asa(config-if)# no shutdown 

VLAN 22 Configurations
NDNA_asa(config-if)# interface vlan 22
NDNA_asa(config-if)# nameif dept2
NDNA_asa(config-if)# security-level 90
NDNA_asa(config-if)# ip address 10.2.3.1 255.255.255.0
NDNA_asa(config-if)# no shutdown 

VLAN 30 Configurations
NDNA_asa(config-if)# interface vlan 30
NDNA_asa(config-if)# nameif dmz
NDNA_asa(config-if)# security-level 50
NDNA_asa(config-if)# ip address 10.3.1.1 255.255.255.0
NDNA_asa(config-if)# no shutdown 

VLAN 40 Configurations
NDNA_asa(config-if)# interface vlan 40
NDNA_asa(config-if)# nameif backup-isp
NDNA_asa(config-if)# security-level 50
NDNA_asa(config-if)# ip address 10.1.2.1 255.255.255.0
NDNA_asa(config-if)# no shutdown 

VLAN 50 Configurations
NDNA_asa(config-if)# failover lan faillink vlan 50
NDNA_asa(config)# failover interface ip faillink 10.4.1.1 255.255.255.0 standby 10.4.1.2 255.255.255.0 

Assigning interfaces with the VLAN ID
NDNA_asa(config)# interface ethernet 1/0
NDNA_asa(config-if)# switchport access vlan 10
NDNA_asa(config-if)# no shutdown
NDNA_asa(config-if)# interface ethernet 1/2
NDNA_asa(config-if)# switchport access vlan 30
NDNA_asa(config-if)# no shutdown
NDNA_asa(config-if)# interface ethernet 1/3
NDNA_asa(config-if)# switchport access vlan 40
NDNA_asa(config-if)# no shutdown
NDNA_asa(config-if)# interface ethernet 1/4
NDNA_asa(config-if)# switchport access vlan 50
NDNA_asa(config-if)# no shutdown 

Creating trunk port on the interface
NDNA_asa(config-if)# interface ethernet 1/1
NDNA_asa(config-if)# switchport mode trunk
NDNA_asa(config-if)# switchport trunk allowed vlan 20-22
NDNA_asa(config-if)# switchport trunk native vlan 5
NDNA_asa(config-if)# no shutdown
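As an added check that is not part of the original post, the Python below parses a constructed excerpt of this configuration (the VLAN interfaces and the Ethernet 1/1 trunk, in the form the ASA stores them) and flags the trunk mistakes a reviewer would look for: a native VLAN that is also a data VLAN, the failover VLAN carried on a data trunk, and an allowed VLAN that has no VLAN interface. The function names, the SAMPLE_CONFIG excerpt and the default native VLAN of 1 are assumptions of this example.

```python
# Constructed excerpt of the post's configuration, in the form the ASA stores it.
SAMPLE_CONFIG = """\
failover lan faillink vlan 50
interface vlan 20
interface vlan 21
interface vlan 22
interface ethernet 1/1
 switchport mode trunk
 switchport trunk allowed vlan 20-22
 switchport trunk native vlan 5
"""

def parse_asa(config):
    # Returns (VLAN interface ids, {port: trunk settings}, failover VLAN id).
    vlans, ports, failover, cur = set(), {}, None, None
    for line in (l.strip() for l in config.splitlines()):
        words = line.split()
        if line.startswith("interface vlan "):
            vlans.add(int(words[2]))
        elif line.startswith("interface ethernet "):
            # The ASA's native VLAN defaults to 1 when none is configured.
            cur = ports.setdefault(words[2], {"trunk": False, "vlans": set(), "native": 1})
        elif line.startswith("failover lan ") and "vlan" in words:
            failover = int(words[words.index("vlan") + 1])
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif line.startswith("switchport trunk native vlan "):
            cur["native"] = int(words[-1])
        elif line.startswith("switchport trunk allowed vlan "):
            for part in words[-1].split(","):  # ranges such as "20-22,30"
                lo, _, hi = part.partition("-")
                cur["vlans"].update(range(int(lo), int(hi or lo) + 1))
    return vlans, ports, failover

def audit(config):
    # Trunk findings a reviewer would raise; an empty list means the design is clean.
    vlans, ports, failover = parse_asa(config)
    findings = []
    for port, p in ports.items():
        if not p["trunk"]:
            continue
        if p["native"] in p["vlans"] or p["native"] in vlans:
            findings.append(f"ethernet {port}: native vlan {p['native']} is a data VLAN")
        if failover in p["vlans"]:
            findings.append(f"ethernet {port}: failover vlan {failover} shares a data trunk")
        for vid in sorted(p["vlans"] - vlans):
            findings.append(f"ethernet {port}: allowed vlan {vid} has no VLAN interface")
    return findings
```

Running audit(SAMPLE_CONFIG) on the post's design returns no findings, because native VLAN 5 is unused and VLAN 50 sits on its own access port; changing the native VLAN to 20 or adding 50 to the allowed list produces a finding.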