IP Overlap with "Virtual254" after 9.0(3) Upgrade

zztopping · ‎07-29-2013

After upgrading to 9.0(3) from 8.4(6), I noticed the standby firewall was not receiving the "ip address" statement for the outside interface from the primary, even after a force resync. After applying the statement on the standby manually, it began responding again. I performed the failover, and the same thing happened on the primary (formally active) firewall after arriving at 9.0(3). Once again I applied the workaround on the standby appliance and it began working. If I reload the standby, it will boot with no outside interface IP address (even after making sure I do a wr mem).

After fiddling with it a bit, if I (re)apply the "ip address" statement on the interface config of the ACTIVE unit, i get the following message:

ip address x..x.236.210 255.255.255.240 standby x.x.236.211

ERROR: Failed to apply IP address to interface Ethernet0/0, as the network overlaps with interface Virtual254. Two interfaces cannot be in the same subnet.

What is this Virtual254 interface? Are there any workarounds/remedies for this? Google did not help me on this one.

JOHN WILHELM · ‎08-01-2013

I recently upgraded our ASA 5510 to from 8.4 to 9.1 and then reset it. I am getting this exact same error. I'm trying to assign an ip address to an interface, and even though I have started this configuration over completely from scratch I get that same error. I don't think that there is any possible way that I have the same subnet configured somewhere else.

JOHN WILHELM · ‎08-02-2013

A simple reboot of the ASA fixed the problem for me. I guess interface Virtual254 is used for port channels. I didn't have any configured on it, but we previously did before I performed the upgrade and reset it back to factory defaults. Some process must have gotten stuck during the upgrade, the reboot fixed it.