https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486470#M269368 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>What version are you using on the ASA?</P><P></P><P>8.3 + no problem</P><P>8.2 - not possible.</P><P></P><P>static (DMZ,outside) 10.1.1.10 172.16.1.10</P><P>static (DMZ,outside) 10.2.2.10 172.16.1.10</P><P>ERROR: duplicate of existing static</P><P>&nbsp; inside:172.16.1.10 to outside:10.1.1.10 netmask 255.255.255.255</P><P></P><P>Regards,</P><P></P><P>Felipe.</P><P></P><P></P><P>Remember to rate useful posts. </P></BODY></HTML> Wed, 19 Feb 2014 01:12:16 GMT lcambron 2014-02-19T01:12:16Z https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486469#M269366 <P>We are in process of migrating to different ISP thus we have to change the Public IP Addresses.</P><P>I have no issue changing inside and outside ip address but the servers in the DMZ are the issue.</P><P>We want clients access the DMZ servers from new and current ISP than turn the current one off after about a month or so.</P><P>My idea is assign new IP address for inside and outside interfaces and connect the DMZ in to the existing DMZ.</P><P></P><P>current FW:</P><P>inside: 192.168.1.1/24: vlan 192</P><P>outside: 10.1.1.1/24: vlan 10</P><P>dmz: 172.16.1.1./24: vlan 172 </P><P></P><P>new FW:</P><P>inside: 192.168.20.1/24: vlan 168</P><P>outside: 10.2.2.2/24: vlan 20</P><P>dmz: 172.16.1.2/24 vlan 172</P><P></P><P>do you see any issue configuring FW like this?&nbsp; ACL and NAT rule will be simlar where outside clients will be reaching the same DMZ servers using different outisde IP addresses.&nbsp; I have ASA5520</P><P>ie)</P><P>10.1.1.10 -&gt; 172.16.1.10</P><P>10.2.2.10 -&gt; 172.16.1.10</P> Tue, 12 Mar 2019 03:47:07 GMT https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486469#M269366 vatter 2019-03-12T03:47:07Z https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486470#M269368 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>What version are you using on the ASA?</P><P></P><P>8.3 + no problem</P><P>8.2 - not possible.</P><P></P><P>static (DMZ,outside) 10.1.1.10 172.16.1.10</P><P>static (DMZ,outside) 10.2.2.10 172.16.1.10</P><P>ERROR: duplicate of existing static</P><P>&nbsp; inside:172.16.1.10 to outside:10.1.1.10 netmask 255.255.255.255</P><P></P><P>Regards,</P><P></P><P>Felipe.</P><P></P><P></P><P>Remember to rate useful posts. </P></BODY></HTML> Wed, 19 Feb 2014 01:12:16 GMT https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486470#M269368 lcambron 2014-02-19T01:12:16Z https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486471#M269370 <HTML><HEAD></HEAD><BODY><P> i am running 8.45</P></BODY></HTML> Wed, 19 Feb 2014 02:29:47 GMT https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486471#M269370 vatter 2014-02-19T02:29:47Z https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486472#M269371 <HTML><HEAD></HEAD><BODY><P>Then it should be fine. You will need to have both ranges of IPs on the outside at the same time and make sure you have the command: </P><P>arp permit-nonconnected</P><P></P><P>Regards,</P><P></P><P>Felipe.</P><P></P><P></P><P>Remember to rate useful posts. </P></BODY></HTML> Wed, 19 Feb 2014 02:32:49 GMT https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486472#M269371 lcambron 2014-02-19T02:32:49Z https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486473#M269374 <HTML><HEAD></HEAD><BODY><P> what will happen if i don't have the command ?</P><P>arp permit-nonconnected</P></BODY></HTML> Wed, 19 Feb 2014 02:42:11 GMT https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486473#M269374 vatter 2014-02-19T02:42:11Z https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486474#M269376 <HTML><HEAD></HEAD><BODY><P>If you have two networks on the outside, you need the command for the ASA to respond to arp requests:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/c/en/us/td/docs/security/asa/command-reference/cmdref/a3.html#pgfId-1837762">http://www.cisco.com/c/en/us/td/docs/security/asa/command-reference/cmdref/a3.html#pgfId-1837762</A></P><P></P><P></P><P><SPAN>Cisco Worldwide Contact link:&nbsp; </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html">http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html</A><SPAN> </SPAN></P><P></P><P>Regards,</P><P></P><P>Felipe.</P><P></P><P></P><P>Remember to rate useful posts. </P></BODY></HTML> Wed, 19 Feb 2014 03:31:16 GMT https://community.cisco.com/t5/network-security/2-firewalls-connected-to-the-vlan/m-p/2486474#M269376 lcambron 2014-02-19T03:31:16Z