Is it possible to set up VLANs on the external interface of a Cisco ASA 5520? I have a customer who has a requirement to have external connections in two different subnets. My thought was to remove the IP config from the current (non VLAN'd) external interface and create VLANs that I can use for the 2 subnets.
It seems simple enough: change the config so that the IP is removed from the primary interface, create the VLAN, add the IP config to the VLAN, change the appropriate ACLs and NATs, and you're done. This doesn't work. I thought it might be the XLATE table, so I tried "clear XLATE" after making the config changes last night, and it still didn't work.
I have received several different answers from Cisco TAC ranging from "It can't be done" to "It can be done but is difficult". Their latest response was "It can't be done because of policy based routing".
Is this really not possible? Thanks in advance for any wisdom you can provide.
We are providing connectivity for the via a GigE fiber from our Cisco 6509s (running in hybrid mode) in our core.