Asa 5520 subinterface configuration -2x ISP modem to one G0/1

[obiektywNY]

Hello
I found the website

http://www.cisco-tips.com/how-to-configure-vlan-subinterfaces-cisco-asa-5500-firewall/

that on Cisco ASA5520 we can create few subinterfaces like Ga0/0.10.

I have similar problem, I need to connect two ISP modems to one ASA interface for staff, see the picture

http://picasaweb.google.com/tarlink/Cisco#slideshow/5422706510228563778

My ASDM 5.2 doesn't allow me to do this from graphic interface.
ASA license support
Max 150 VLANs, also VPN PLus, and Max Physical interfaces: Unlimited.

My question is that will be possible from CLI level? I want to hookup two modems (13IP's each) through switch NETGEAR GS108t, that support VLAN 802.1Q Trunking. NAT translation I will set up on M1 i M2 for Staff network.

I set up Netgear with Vlan101 for M1 and Vlan102 for M2 using IEEE 802.1Q
Default VLAN 1 I set up for all port as Untagged and one port going to ASA is set as Tagged (Ga1-T), also:
VlanID 101 => Ga1-T, Ga2-U, Ga3-U, Ga4-U,
VlanID 102 => Ga1-T, Ga5-U, Ga6-U, Ga7-U, Ga8-U

Before that one modem get disconnect from ISP network after a while (I assuming that on ISP routers STP protocol did the job).

If it is possible I am wonder what security-level should be on every subinterface and how the best do this configuration?

Thank You for your help and advices.

 

[Supergrrover]

yes the cli is the way to go. set all external security levels as 0 (totally untrusted.) you should move your dmz inside the asa as well.

Brent
Systems Engineer / Consultant
CCNP, CCSP