You must enable the physical interface before any traffic can pass through an enabled sub-interface. ASA Sub-interfaces let you divide a physical interface into multiple logical interfaces that are tagged with different VLAN IDs. Because VLANs allow you to keep traffic separate on a given physical interface, this increase the number of interfaces available to our network without adding additional physical interfaces or security appliances.

Each interface on a Cisco ASA firewall is a security zone so normally this means that the number of security zones is limited to the number of physical interfaces that we have

We can take the physical interface of a Cisco ASA firewall, and split it down into further sub-interfaces. This way you can set multiple VLANs to use this interface as a gateway at the same time whilst still separating the traffic.

Example of sub-interface creation:

ASA#configure terminal
ASA(config)#interface GigabitEthernet1/3.101
ASA(config-if)#vlan 101
ASA(config-if)#nameif AVIUMS
ASA(config-if)#security-level 95
ASA(config-if)#ip address 2.2.2.2 255.255.255.0

ASA 5505 and 5506-X use switching physical ports thus the layer 3 interfaces are defined more like in switch with SVI interfaces. The example of L3 interface for ASA 5505 is given below.

Assign physical port to a vlan like you do for switches:

ASA#configure terminal
ASA(config)#interface Ethernet0/0
ASA(config-if)#switchport access vlan 100

Define the related Layer 3 interface and give it necessary configuration:

ASA#configure terminal
ASA(config)#interface Vlan102
ASA(config-if)#nameif inside
ASA(config-if)#security-level 90
ASA(config-if)#ip address 1.1.1.1 255.255.255.0