Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco ASA Interface Configuration

Posted on 2015-01-28
15
80 Views
Last Modified: 2015-02-16
Hello Experts,

Can someone let me know if its possible to configure interfaces on ASA with same named interface e.g.

interface Ethernet0/1
 description Connection to Inside A1 LAN
nameif inside
 security-level 100
 ip address 192.168.170.1 255.255.255.0

interface Ethernet0/2
 description Connection to Inside B2 LAN
nameif inside
 security-level 100
 ip address 10.25.0.1 255.255.255.0

Will the above work?

Regards
0
Comment
Question by:cpatte7372
  • 8
  • 5
  • 2
15 Comments
 
LVL 20

Expert Comment

by:netcmh
ID: 40575155
Is your end goal to permit traffic between the two interfaces with the same security level? Please read http://3cvguy.com/cisco-asa/

If it's just for aesthetics, I don't think you can name 2 interfaces the same name.
0
 

Author Comment

by:cpatte7372
ID: 40575160
Hi netcmh

Thanks for responding

Is your end goal to permit traffic between the two interfaces with the same security level?

Yes it is.

Is it possible?

Regards
0
 
LVL 20

Accepted Solution

by:
netcmh earned 500 total points
ID: 40575168
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:cpatte7372
ID: 40575182
Netcmh

I followed the instructions in the link but it didn't work, see below;

tina-asa(config)# same-security-traffic permit inter-interface
tina-asa(config)# int eth 0/2
tina-asa(config-if)# nameif inside
ERROR: Name "inside" has been assigned to interface Ethernet0/1
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40575185
You cannot name both the interfaces the same name. What is your requirement for doing this?
0
 

Author Comment

by:cpatte7372
ID: 40575202
Netcmh,

OK, I'm getting confused here:

ASA-CLI (config) # static (server,storage) 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0

ASA-CLI (config) # static (storage,server) 192.168.2.0 255.255.255.0 192.168.2.0 255.255.255.0

Is (server,storage) the nameif for server and storage?
0
 

Author Comment

by:cpatte7372
ID: 40575215
I'm getting the error here:

static (inside,newlan) 192.168.170.0 255.255.255.0 192.168.170.0 255.255.255.0
                                                      ^
0
 

Author Comment

by:cpatte7372
ID: 40575219
You cannot name both the interfaces the same name. What is your requirement for doing this?

I have changed it on the second interface to 'newlan'

But I can't get the static to work, see above
0
 

Author Comment

by:cpatte7372
ID: 40575244
Any thoughts?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40575350
If both interfaces have the same security level (but different names) and you have "same-security-traffic permit inter-interface" enabled then you should be able to move traffic between those interfaces.

Is that not working?
0
 

Author Comment

by:cpatte7372
ID: 40575357
Hi Don,

Apparently, I need the following configuration to make it work:

static (inside,newlan) 192.168.170.0 255.255.255.0 192.168.170.0 255.255.255.0

But it still doesn't work
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40575362
You will also need:

static (newlan, static) 192.168.170.0 255.255.255.0 192.168.170.0 255.255.255.0
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40575518
Sorry, I was away on a meeting. Were you able to get the traffic flowing?
0
 

Author Closing Comment

by:cpatte7372
ID: 40608049
Cheers
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40612074
Thanks for the grade. Good luck.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Botnet detection help me please 21 133
Unmanaged Switches for Optimized Network Speeds 7 50
Sonicwall SHA issue 4 40
Factory Reset of Juniper SSG20 2 17
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question