Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cisco ASA 5505, secondary IP on inside interface, same subnet

Posted on 2014-03-11
6
Medium Priority
?
4,308 Views
Last Modified: 2014-03-19
Greetings,

I have need to have my ASA5505 listen on 2 IP addresses in the same subnet on the INSIDE interface (VLAN1).

The reason - another device with this secondary IP is being removed and I need to have the ASA listen on *both* its own IP and the IP of the device removed, at least until I find every device using the old gateway IP.

Example:
ASA (inside, VLAN1): 192.168.1.1 255.255.255.0

Old device "X":  192.168.1.10 255.255.255.0

I need something similar to (in router-speak):
int vlan 1
  ip address 192.168.1.1 255.255.255.0
  ip address 192.168.1.10 255.255.255.0 secondary
0
Comment
Question by:snowdog_2112
6 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 39921978
You need to put the other subnet in its own vlan and dot1q the interface.
0
 

Author Comment

by:snowdog_2112
ID: 39922108
They are in the SAME subnet as mentioned in OP.  Thanks for quick response though.

Both devices have IP's in 192.168.1.0/24.

The old device is gone and won't be replaced, so I need the ASA to "own" 2 IP's on the same subnet - if only for a short while (months, perhaps).
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39922464
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 

Author Comment

by:snowdog_2112
ID: 39924382
Nope.

Again - the secondary IP is on the SAME SUBNET as the primary.  I can't route from one to the other, and even if I wanted to, I can't VLAN it, since both IP's are in the middle of the same /24.

I have a hunch that it is somehow related to NAT - the devices pointing to 192.168.1.10 (the old IP, which has an arp alias on the ASA) are not being NAT'd or unNAT'd properly.
0
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 2000 total points
ID: 39935301
The ASA can only have on IP address on the inside interface.

Maybe you can use other solutions like a layer 3 switch or second (cheap) router.
0
 

Author Closing Comment

by:snowdog_2112
ID: 39940750
Love Cisco...

HATE Cisco!

The ASA is "not a router", so for small businesses who might possibly need some routing features, you need an ASA for $500 and another "real router" for another $500-1000.

Or...a $200 Netgear.

At least on an ASA you can type exec commands in conf mode without "do <command>", unlike Cisco routers.

Fair trade-off....maybe.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question