Hi Jouni Thank you for the

yewmeng01 · ‎12-04-2014

Hi

I would like to know whether it is possible to assign 2 same subnets IP into 2 inside interfaces in ASA 5515-X.

GigabitEthernet port 0/0 as WAN interface (IP: 10.162.21.1/24)
GigabitEthernet port 0/1 as first INSIDE interface (IP:10.162.23.1/24 , for host A IP:10.162.23.10/24)
GigabitEthernet port 0/2 as second INSIDE interface (IP: 10.162.23.1/24), for host B IP:10.162.23.11/24)

As a result, the second INSIDE interface doesn’t allow to enter IP:10.162.23.X/24 again and saying "Failed to apply IP address to interface GigabitEthernet0/2, as the network overlaps with interface GigabitEthernet0. Two interfaces cannot be in the same subnet.

Therefore, could the above concept works without adding another network switch?

Thank you in advance.

Jouni Forss · ‎12-04-2014

Hi,

Why would you want to configure the same subnet to 2 different physical interfaces? Are you connecting actual hosts/PCs to the ASA directly? If so you should really get a switch behind the ASA and connect the hosts there.

But I don't see this being possible on the ASA in any way.

Only low end ASA that would let you attach hosts directly to the same subnet through the ASA directly is the ASA5505. This is because it has a 8 port switch module and you can bind multiple ports to the same Vlan ID and the subnets gateway would be located on the ASA as a logical Vlan interface.

- Jouni

yewmeng01 · ‎12-04-2014

Hi Jouni

Thank you for the reply.

Initially, my client wanted to connect the 2 hosts in same subnet to 2 physical interfaces in ASA.

However, it is impossible on the ASA 5515-X anyway.

Nevertheless, I will persuade him to implement a network switch behind the ASA and connect all the hosts there.

Thank you for help.

2 same subnets for inside interfaces in ASA 5515-X

ASA 5515-X 进入IOS失败

ASA 5515-X 配置EZVPN

IOS-XE: show interfaces transceiver で QSFP 光レベルの合計値が正しくない場合がある

2013/7/23 Webcast 「Advanced ASA Firewalls Inside Out」資料(PDF)

IOS-XE: redistribute コマンドの subnets オプションについて