Solved

Cisco ASA Interface Configuration

Posted on 2015-01-28
15
88 Views
Last Modified: 2015-02-16
Hello Experts,

Can someone let me know if its possible to configure interfaces on ASA with same named interface e.g.

interface Ethernet0/1
 description Connection to Inside A1 LAN
nameif inside
 security-level 100
 ip address 192.168.170.1 255.255.255.0

interface Ethernet0/2
 description Connection to Inside B2 LAN
nameif inside
 security-level 100
 ip address 10.25.0.1 255.255.255.0

Will the above work?

Regards
0
Comment
Question by:cpatte7372
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 2
15 Comments
 
LVL 20

Expert Comment

by:netcmh
ID: 40575155
Is your end goal to permit traffic between the two interfaces with the same security level? Please read http://3cvguy.com/cisco-asa/

If it's just for aesthetics, I don't think you can name 2 interfaces the same name.
0
 

Author Comment

by:cpatte7372
ID: 40575160
Hi netcmh

Thanks for responding

Is your end goal to permit traffic between the two interfaces with the same security level?

Yes it is.

Is it possible?

Regards
0
 
LVL 20

Accepted Solution

by:
netcmh earned 500 total points
ID: 40575168
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 

Author Comment

by:cpatte7372
ID: 40575182
Netcmh

I followed the instructions in the link but it didn't work, see below;

tina-asa(config)# same-security-traffic permit inter-interface
tina-asa(config)# int eth 0/2
tina-asa(config-if)# nameif inside
ERROR: Name "inside" has been assigned to interface Ethernet0/1
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40575185
You cannot name both the interfaces the same name. What is your requirement for doing this?
0
 

Author Comment

by:cpatte7372
ID: 40575202
Netcmh,

OK, I'm getting confused here:

ASA-CLI (config) # static (server,storage) 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0

ASA-CLI (config) # static (storage,server) 192.168.2.0 255.255.255.0 192.168.2.0 255.255.255.0

Is (server,storage) the nameif for server and storage?
0
 

Author Comment

by:cpatte7372
ID: 40575215
I'm getting the error here:

static (inside,newlan) 192.168.170.0 255.255.255.0 192.168.170.0 255.255.255.0
                                                      ^
0
 

Author Comment

by:cpatte7372
ID: 40575219
You cannot name both the interfaces the same name. What is your requirement for doing this?

I have changed it on the second interface to 'newlan'

But I can't get the static to work, see above
0
 

Author Comment

by:cpatte7372
ID: 40575244
Any thoughts?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40575350
If both interfaces have the same security level (but different names) and you have "same-security-traffic permit inter-interface" enabled then you should be able to move traffic between those interfaces.

Is that not working?
0
 

Author Comment

by:cpatte7372
ID: 40575357
Hi Don,

Apparently, I need the following configuration to make it work:

static (inside,newlan) 192.168.170.0 255.255.255.0 192.168.170.0 255.255.255.0

But it still doesn't work
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40575362
You will also need:

static (newlan, static) 192.168.170.0 255.255.255.0 192.168.170.0 255.255.255.0
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40575518
Sorry, I was away on a meeting. Were you able to get the traffic flowing?
0
 

Author Closing Comment

by:cpatte7372
ID: 40608049
Cheers
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40612074
Thanks for the grade. Good luck.
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question