ASA 5510 with multiple internal addresses

Posted on 2007-08-02
Last Modified: 2013-11-16
I have an ASA 5510 that I am configuring for my network.  We are breaking off from our corporate parent to run autonomously.  When I make the switch, I would like to change my internal IP addressing scheme.  The current scheme uses 172.x.x.x with a subnet mask of  I want to move to 10.x.x.x with a subnet of

I will be able to change all the computers and servers at one time to the new configuration, but some of our floor equipment I cannot change.  I will assign new addresses and someone else will change the addresses over the next few days (weeks).  I need a solution so that my pcs can still see the equipment, and vice versa.

In my test environment, I have given the internal interface the new ip address ( and a sub interface the old ip address (  with a PC set up on the 10.x.x.x network, I can ping the 10 address on the ASA, but not the 172 address, and I cannot ping a device with a 172 address.  When I give the PC a 172 address, I can ping the device, but I still cannot ping the 172 address on the ASA.

What I am doing wrong?  Does the sub interface count as a physical interface?  (I am licensed for 4.)  Will I need to setup a router internally and a static route for on the ASA?

I am new to the ASA, so I am sorry if this question is simplistic.
Question by:mantech1
    LVL 79

    Accepted Solution

    > Does the sub interface count as a physical interface?
    Yes and it must also have a vlan tag

    Unlike a Cisco router, you cannot assign secondary IP's to the ASA interface.
    If you have an old Cisco router laying around, use it as a router on stick with secondary IP's on it.
    LVL 32

    Assisted Solution

    You need to make sure you are trunking the appropriate vlans to the ASA physical inerface.

    So for the switch port that connects to thso ASA interface change to port to a trunking port.

    interface X
    sw trunk encapsulation dot1q
    sw mode trunk

    This should get you working

    -Mike J


    Author Comment

    It was not what I wanted to hear, but it was an answer to my question.  So I will give each of you some points.

    We found another way around the issue.  Thank you anyway.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
    Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now