Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1373
Views
0
Helpful
2
Replies

IP Overlap with "Virtual254" after 9.0(3) Upgrade

zztopping
Level 4
Level 4

‎07-29-2013 07:46 PM - edited ‎03-11-2019 07:18 PM

After upgrading to 9.0(3) from 8.4(6), I noticed the standby firewall was not receiving the "ip address" statement for the outside interface from the primary, even after a force resync. After applying the statement on the standby manually, it began responding again. I performed the failover, and the same thing happened on the primary (formally active) firewall after arriving at 9.0(3). Once again I applied the workaround on the standby appliance and it began working. If I reload the standby, it will boot with no outside interface IP address (even after making sure I do a wr mem).

After fiddling with it a bit, if I (re)apply the "ip address" statement on the interface config of the ACTIVE unit, i get the following message:

ip address x..x.236.210 255.255.255.240 standby x.x.236.211

ERROR: Failed to apply IP address to interface Ethernet0/0, as the network overlaps with interface Virtual254. Two interfaces cannot be in the same subnet.

What is this Virtual254 interface? Are there any workarounds/remedies for this? Google did not help me on this one.

1 person had this problem
Labels:
0 Helpful
2 Replies 2

JOHN WILHELM
Level 4
Level 4

‎08-01-2013 01:28 PM

I recently upgraded our ASA 5510 to from 8.4 to 9.1 and then reset it.  I am getting this exact same error.  I'm trying to assign an ip address to an interface, and even though I have started this configuration over completely from scratch I get that same error.  I don't think that there is any possible way that I have the same subnet configured somewhere else.  

0 Helpful

JOHN WILHELM
Level 4
Level 4
In response to JOHN WILHELM

‎08-02-2013 09:09 AM

A simple reboot of the ASA fixed the problem for me.  I guess interface Virtual254 is used for port channels.  I didn't have any configured on it, but we previously did before I performed the upgrade and reset it back to factory defaults.  Some process must have gotten stuck during the upgrade, the reboot fixed it. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card