Solved

Cisco ASA Interface Configuration

Posted on 2015-01-28
15
77 Views
Last Modified: 2015-02-16
Hello Experts,

Can someone let me know if its possible to configure interfaces on ASA with same named interface e.g.

interface Ethernet0/1
 description Connection to Inside A1 LAN
nameif inside
 security-level 100
 ip address 192.168.170.1 255.255.255.0

interface Ethernet0/2
 description Connection to Inside B2 LAN
nameif inside
 security-level 100
 ip address 10.25.0.1 255.255.255.0

Will the above work?

Regards
0
Comment
Question by:cpatte7372
  • 8
  • 5
  • 2
15 Comments
 
LVL 20

Expert Comment

by:netcmh
Comment Utility
Is your end goal to permit traffic between the two interfaces with the same security level? Please read http://3cvguy.com/cisco-asa/

If it's just for aesthetics, I don't think you can name 2 interfaces the same name.
0
 

Author Comment

by:cpatte7372
Comment Utility
Hi netcmh

Thanks for responding

Is your end goal to permit traffic between the two interfaces with the same security level?

Yes it is.

Is it possible?

Regards
0
 
LVL 20

Accepted Solution

by:
netcmh earned 500 total points
Comment Utility
0
 

Author Comment

by:cpatte7372
Comment Utility
Netcmh

I followed the instructions in the link but it didn't work, see below;

tina-asa(config)# same-security-traffic permit inter-interface
tina-asa(config)# int eth 0/2
tina-asa(config-if)# nameif inside
ERROR: Name "inside" has been assigned to interface Ethernet0/1
0
 
LVL 20

Expert Comment

by:netcmh
Comment Utility
You cannot name both the interfaces the same name. What is your requirement for doing this?
0
 

Author Comment

by:cpatte7372
Comment Utility
Netcmh,

OK, I'm getting confused here:

ASA-CLI (config) # static (server,storage) 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0

ASA-CLI (config) # static (storage,server) 192.168.2.0 255.255.255.0 192.168.2.0 255.255.255.0

Is (server,storage) the nameif for server and storage?
0
 

Author Comment

by:cpatte7372
Comment Utility
I'm getting the error here:

static (inside,newlan) 192.168.170.0 255.255.255.0 192.168.170.0 255.255.255.0
                                                      ^
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:cpatte7372
Comment Utility
You cannot name both the interfaces the same name. What is your requirement for doing this?

I have changed it on the second interface to 'newlan'

But I can't get the static to work, see above
0
 

Author Comment

by:cpatte7372
Comment Utility
Any thoughts?
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
If both interfaces have the same security level (but different names) and you have "same-security-traffic permit inter-interface" enabled then you should be able to move traffic between those interfaces.

Is that not working?
0
 

Author Comment

by:cpatte7372
Comment Utility
Hi Don,

Apparently, I need the following configuration to make it work:

static (inside,newlan) 192.168.170.0 255.255.255.0 192.168.170.0 255.255.255.0

But it still doesn't work
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
You will also need:

static (newlan, static) 192.168.170.0 255.255.255.0 192.168.170.0 255.255.255.0
0
 
LVL 20

Expert Comment

by:netcmh
Comment Utility
Sorry, I was away on a meeting. Were you able to get the traffic flowing?
0
 

Author Closing Comment

by:cpatte7372
Comment Utility
Cheers
0
 
LVL 20

Expert Comment

by:netcmh
Comment Utility
Thanks for the grade. Good luck.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now