Cisco ASDM User Guide
OL-16647-01
Chapter 9 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
Configuring VLAN Interfaces
If you enabled Easy VPN, you cannot add or delete VLAN interfaces, nor can you edit the security level
or interface name. We suggest that you finalize your interface configuration before you enable Easy
VPN.
This section includes the following topics:
• Interfaces > Interfaces
• Add/Edit Interface > General
• Add/Edit Interface > Advanced
Interfaces > Interfaces
The Interfaces tab displays configured VLAN interfaces. You can add or delete VLAN interfaces, and
also enable communication between interfaces on the same security level or enable traffic to enter and
exit the same interface.
In transparent firewall mode, only two interfaces can pass traffic.
Fields
• Name—Displays the interface name.
• Switch Ports—Shows the switch ports assigned to this VLAN interface.
• Enabled—Indicates whether the interface is enabled: Yes or No.
• Security Level—Displays the interface security level between 0 and 100. By default, the security
level is 0.
• IP Address—Displays the IP address, or in transparent mode, the word “native.” Transparent mode
interfaces do not use IP addresses. To set the IP address for the context or the security appliance, see
the Management IP Address pane.
• Subnet Mask—For routed mode only. Displays the subnet mask.
• Restrict Traffic Flow—Shows if this interface is restricted from initiating contact to another VLAN.
With the Base license, you can only configure a third VLAN if you use this option to limit it.
For example, you have one VLAN assigned to the outside for Internet access, one VLAN assigned
to an inside business network, and a third VLAN assigned to your home network. The home network
does not need to access the business network, so you can use the Restrict Traffic Flow option on the
home VLAN; the business network can access the home network, but the home network cannot
access the business network.
If you already have two VLAN interfaces configured with a name, be sure to enable the Restrict
Traffic Flow option before you name the third interface; the adaptive security appliance does not
allow three fully functioning VLAN interfaces with the Base license on the ASA 5505 adaptive
security appliance.
Note: If you upgrade to the Security Plus license, you can remove this option and achieve full
functionality for this interface. If you leave this option enabled, this interface continues to
be limited even after upgrading.
• Backup Interface—Shows the backup ISP interface for this interface. If this interface fails, the
backup interface takes over.
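
An offline check of the Restrict Traffic Flow rule described above, as an added example that is not part of the Cisco guide: it parses constructed interface stanzas, reports whether more than two named VLANs are unrestricted, and lists which VLAN is barred from initiating contact to which. It assumes the option appears in the running configuration as `no forward interface VlanN`; the function names and the sample configuration are hypothetical.

```python
import re

# Constructed sample of ASA 5505 interface stanzas (not taken from the guide).
# Assumption: Restrict Traffic Flow is stored as "no forward interface VlanN".
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Vlan3
 no forward interface Vlan1
 nameif home
 security-level 50
!
"""

def parse_vlans(config):
    """Map VLAN id -> {"name": nameif or None, "no_forward": [target ids]}."""
    vlans, cur = {}, None
    for line in config.splitlines():
        head = re.match(r"interface Vlan(\d+)\s*$", line)
        if head:
            cur = vlans.setdefault(int(head.group(1)), {"name": None, "no_forward": []})
        elif not line.startswith(" "):
            cur = None  # any other top-level line ends the stanza
        elif cur is not None:
            body = line.strip()
            if m := re.match(r"nameif (\S+)", body):
                cur["name"] = m.group(1)
            elif m := re.match(r"no forward interface Vlan(\d+)", body):
                cur["no_forward"].append(int(m.group(1)))
    return vlans

def audit_base_license(config):
    """Flag more than two named, unrestricted VLANs; list blocked directions."""
    named = {i: v for i, v in parse_vlans(config).items() if v["name"]}
    unrestricted = sorted(v["name"] for v in named.values() if not v["no_forward"])
    blocked = sorted((v["name"], named[t]["name"])
                     for v in named.values() for t in v["no_forward"] if t in named)
    return {"compliant": len(unrestricted) <= 2,
            "unrestricted": unrestricted, "blocked_initiation": blocked}

if __name__ == "__main__":
    print(audit_base_license(SAMPLE))
```

Each pair in `blocked_initiation` reads (source, destination): the source VLAN cannot initiate contact to the destination, which is how to confirm the restriction is still in place after a license upgrade.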