Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 543
  • Last Modified:

ASA 5510 with multiple internal addresses

I have an ASA 5510 that I am configuring for my network.  We are breaking off from our corporate parent to run autonomously.  When I make the switch, I would like to change my internal IP addressing scheme.  The current scheme uses 172.x.x.x with a subnet mask of 255.255.248.0.  I want to move to 10.x.x.x with a subnet of 255.255.0.0.

I will be able to change all the computers and servers at one time to the new configuration, but some of our floor equipment I cannot change.  I will assign new addresses and someone else will change the addresses over the next few days (weeks).  I need a solution so that my pcs can still see the equipment, and vice versa.

In my test environment, I have given the internal interface the new ip address (10.1.0.1) and a sub interface the old ip address (172.1.0.1).  with a PC set up on the 10.x.x.x network, I can ping the 10 address on the ASA, but not the 172 address, and I cannot ping a device with a 172 address.  When I give the PC a 172 address, I can ping the device, but I still cannot ping the 172 address on the ASA.

What I am doing wrong?  Does the sub interface count as a physical interface?  (I am licensed for 4.)  Will I need to setup a router internally and a static route for on the ASA?

I am new to the ASA, so I am sorry if this question is simplistic.
0
mantech1
Asked:
mantech1
2 Solutions
 
lrmooreCommented:
> Does the sub interface count as a physical interface?
Yes and it must also have a vlan tag

Unlike a Cisco router, you cannot assign secondary IP's to the ASA interface.
If you have an old Cisco router laying around, use it as a router on stick with secondary IP's on it.
0
 
harbor235Commented:
You need to make sure you are trunking the appropriate vlans to the ASA physical inerface.

So for the switch port that connects to thso ASA interface change to port to a trunking port.

interface X
sw trunk encapsulation dot1q
sw mode trunk

This should get you working

-Mike J


0
 
mantech1Author Commented:
It was not what I wanted to hear, but it was an answer to my question.  So I will give each of you some points.

We found another way around the issue.  Thank you anyway.
0

Featured Post

Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now