Solved

Cisco ASA 5505, secondary IP on inside interface, same subnet

Posted on 2014-03-11
6
3,659 Views
Last Modified: 2014-03-19
Greetings,

I have need to have my ASA5505 listen on 2 IP addresses in the same subnet on the INSIDE interface (VLAN1).

The reason - another device with this secondary IP is being removed and I need to have the ASA listen on *both* its own IP and the IP of the device removed, at least until I find every device using the old gateway IP.

Example:
ASA (inside, VLAN1): 192.168.1.1 255.255.255.0

Old device "X":  192.168.1.10 255.255.255.0

I need something similar to (in router-speak):
int vlan 1
  ip address 192.168.1.1 255.255.255.0
  ip address 192.168.1.10 255.255.255.0 secondary
0
Comment
Question by:snowdog_2112
6 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39921978
You need to put the other subnet in its own vlan and dot1q the interface.
0
 

Author Comment

by:snowdog_2112
ID: 39922108
They are in the SAME subnet as mentioned in OP.  Thanks for quick response though.

Both devices have IP's in 192.168.1.0/24.

The old device is gone and won't be replaced, so I need the ASA to "own" 2 IP's on the same subnet - if only for a short while (months, perhaps).
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39922464
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:snowdog_2112
ID: 39924382
Nope.

Again - the secondary IP is on the SAME SUBNET as the primary.  I can't route from one to the other, and even if I wanted to, I can't VLAN it, since both IP's are in the middle of the same /24.

I have a hunch that it is somehow related to NAT - the devices pointing to 192.168.1.10 (the old IP, which has an arp alias on the ASA) are not being NAT'd or unNAT'd properly.
0
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 500 total points
ID: 39935301
The ASA can only have on IP address on the inside interface.

Maybe you can use other solutions like a layer 3 switch or second (cheap) router.
0
 

Author Closing Comment

by:snowdog_2112
ID: 39940750
Love Cisco...

HATE Cisco!

The ASA is "not a router", so for small businesses who might possibly need some routing features, you need an ASA for $500 and another "real router" for another $500-1000.

Or...a $200 Netgear.

At least on an ASA you can type exec commands in conf mode without "do <command>", unlike Cisco routers.

Fair trade-off....maybe.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question