Archive for September, 2008
All Cisco ASA firewall models from the 5510 and higher include an extra Ethernet interface for management. By default, this interface is set to management-only mode, which means that it can receive traffic only; it does not allow traffic to pass through to other interfaces.
In order to enable the Management 0/0 interface to act as a normal Firewall interface, use the following configuration:
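asa(config)# interface management 0/0
asa(config-if)# no management-only
With the above, you have added one more normal firewall interface to your appliance, since the management interface can now pass traffic through just like any other interface. Like any other interface, it needs a nameif, a security level and an IP address to do so, and access rules apply to it in the same way.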
If you need a rugged wireless access point for challenging RF environments (such as warehouses, factories, large establishments etc.), then the Cisco Aironet 1240AG series is the ideal product for your situation. This device takes into account antenna support versatility as well as environmental/physical security (a broad range of operating temperatures and a secure mounting bracket).
The 1240AG supports the 802.11 a/b/g Wi-Fi standards but also comes as an 802.11g single-band version for environments that do not allow 5 GHz operation of the 802.11a band. Antenna support features diversity antenna connectors for both the 2.4 and 5 GHz bands to provide extended range, coverage versatility, and more flexible installation options. The RF performance of the 1240AG offers industry-leading transmit power, receive sensitivity, and delay spread for high-multipath environments in order to provide reliable performance and throughput under the most challenging RF conditions.
One of the advantages of the Cisco ASA firewall is that you can configure multiple virtual interfaces (subinterfaces) on the same physical interface, thus extending the number of security zones (firewall “legs”) on your network. Each subinterface must belong to a different Layer 2 VLAN, with a separate Layer 3 subnet.
There are limits on the number of VLANs supported on each ASA model, according to the following list:
- ASA 5505: Max 20 VLANs (with the Security Plus Software)
- ASA 5510: Max 100 VLANs (with the Security Plus Software)
- ASA 5520: Max 150 VLANs
- ASA 5540: Max 200 VLANs
- ASA 5550: Max 250 VLANs
- ASA 5580: Max 100 VLANs
Below is a snapshot of a configuration example of VLAN subinterfaces:
interface GigabitEthernet0/0
 speed 100
 duplex full
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/0.10
 description OUTSIDE1
 vlan 10
 nameif OUT1
 security-level 0
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 description OUTSIDE2
 vlan 20
 nameif OUT2
 security-level 10
 ip address 10.20.20.1 255.255.255.0
!
interface GigabitEthernet0/1
 speed 100
 duplex full
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.30
 description INSIDE1
 vlan 30
 nameif INSIDE1
 security-level 90
 ip address 10.30.30.1 255.255.255.0
!
interface GigabitEthernet0/1.40
 description INSIDE2
 vlan 40
 nameif INSIDE2
 security-level 80
 ip address 10.40.40.1 255.255.255.0
!
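The rules stated above (a different VLAN and a separate subnet per subinterface, plus the per-model VLAN limit) can be checked offline against a saved configuration. The Python sketch below is an added example, not part of the original post or any Cisco tool; the names parse_subinterfaces and audit are hypothetical, and the sample configuration is constructed to break the rules on purpose.

```python
import ipaddress
import re

# VLAN limits from the list on this page (5505/5510 figures assume Security Plus).
VLAN_LIMITS = {"5505": 20, "5510": 100, "5520": 150, "5540": 200, "5550": 250, "5580": 100}

# Constructed sample: the second subinterface reuses VLAN 10 and overlaps the first subnet.
SAMPLE = """\
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/0.10
 vlan 10
 nameif OUT1
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 vlan 10
 nameif OUT2
 ip address 10.10.10.129 255.255.255.128
"""

def parse_subinterfaces(config):
    """Return {subinterface name: {"vlan": int, "net": IPv4Network}}; physical ports are skipped."""
    subs, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = subs.setdefault(m[1], {}) if "." in m[1] else None
        elif current is not None and (m := re.match(r"\s*vlan (\d+)", line)):
            current["vlan"] = int(m[1])
        elif current is not None and (m := re.match(r"\s*ip address ([\d.]+) ([\d.]+)", line)):
            current["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return subs

def audit(config, model):
    """List violations: missing VLAN, shared VLAN, overlapping subnets, model VLAN limit."""
    findings, items = [], sorted(parse_subinterfaces(config).items())
    for i, (name, cfg) in enumerate(items):
        if "vlan" not in cfg:
            findings.append(f"{name}: no vlan assigned")
        for other, ocfg in items[i + 1:]:
            if "vlan" in cfg and cfg["vlan"] == ocfg.get("vlan"):
                findings.append(f"{name} and {other}: both use vlan {cfg['vlan']}")
            if "net" in cfg and "net" in ocfg and cfg["net"].overlaps(ocfg["net"]):
                findings.append(f"{name} and {other}: subnets overlap")
    vlans = {cfg["vlan"] for _, cfg in items if "vlan" in cfg}
    if len(vlans) > VLAN_LIMITS[model]:
        findings.append(f"{len(vlans)} VLANs configured, ASA {model} limit is {VLAN_LIMITS[model]}")
    return findings
```

Calling audit(SAMPLE, "5510") reports the shared VLAN and the overlapping subnets; the four-subinterface configuration shown above would produce no findings.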



