Re: Adding Additional Interfaces to Cisco ASAv

Garry Cooper · ‎06-20-2023

Need to add some additional interfaces to a pair of ASAv running on ESX. (Deleted the original ones when it was initially built)

After adding powering down the ASAv and then adding the interfaces, the ASA's boot but I do not get any network access.

The interfaces are there and the config looks correct, but I did notice that the http server enable had been stripped out ,so there may have been more missing and dont know why.

Has anyone successfully added additional interface to ASAv's or do I have to build some new ones with the interfaces.

marce1000 · ‎06-20-2023

- Ref : https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/asav/quick-start-book/asav-910-qsg/asav_intro.html#id_45634 , also have a look at Table 5

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

MHM Cisco World · ‎06-20-2023

Use same interface but add more subinterface' can you do that ?

Garry Cooper · ‎06-21-2023

Thanks for the links but still not an answer that I need. but will look at the subinterface option.

Aref Alsouqi · ‎06-21-2023

Could you please share the sanitized configs for review?

Garry Cooper · ‎06-21-2023

!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address *.*.*.* 255.255.248.0 standby *.*.*.*
!
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address *.*.*.* 255.255.255.0 standby *.*.*.*
policy-route route-map Default-Route-Inside
!
interface GigabitEthernet0/2
description LAN/STATE Failover Interface
!
interface Management0/0
no management-only
shutdown
nameif management
security-level 0
ip address *.*.*.* 255.255.255.0 standby *.*.*.*
!

MHM Cisco World · ‎06-21-2023

interface GigabitEthernet0/0
nameif inside
security-level 100
ip address *.*.*.* 255.255.248.0 standby *.*.*.*

divide this into multi subinterface

Aref Alsouqi · ‎06-21-2023

Could you please share the output of the command "sh int ip br"?

Garry Cooper · ‎06-22-2023

ncc-anyconnect# sh int ip br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 *** YES CONFIG up up
GigabitEthernet0/1 **** YES CONFIG up up
GigabitEthernet0/2 192.168.1.1 YES unset up up
Internal-Data0/0 169.254.1.1 YES unset up up
Management0/0 *** YES CONFIG administratively down up
ncc-anyconnect#

Aref Alsouqi · ‎06-23-2023

Do you see anything on the ARP table? also, I assume you assinged the additional interface to the right port group on the ESXi?

Garry Cooper · ‎06-28-2023

I didnt check the arp table as I deliberately shutdown the interfaces.

Aref Alsouqi · ‎06-28-2023

If you bring up the interfaces do you see normal ARP entries? how the port group security settings are configured on the ESXi?