Addition of secondary IP to ASA5515 interface

sameerj1212 · ‎02-20-2016

Hello,

I have a working ASA5515 with VLAN 80 (192.168.4.0/22), now I have created one more VLAN say VLAN90 (10.27.208.0/22).

Now I want to pass both VLAN traffic simultaneously via ASA firewall where I have inside interface IP in VLAN-80 and which is a GW for all end user who seats in VLAN 80.

Now I have users in VLAN 90, i want to use same inside interface for them as well, is it possible to configure secondary IP in ASA5515 which will be in VLAN90, which will be acting as GW for end users in VLAN 90.

Kindly suggest.

Marius Gunnerud · ‎02-20-2016

It is not possible to configure a secondary IP. You will need to reconfigure the inside interface physical port to be subinterfaces and assign each subinterface to its respective VLAN. Something like the following:

int Gig1/1

no shut

int Gig1/1.80

vlan 80

security level 100

nameif inside

ip add 192.168.4.1 255.255.252.0

int Gig1/1.90

vlan 90

security-level 80

nameif DMZ

ip add 10.27.208.1 255.255.252.0

Remember that the switch port the ASA is connected to will need to be configured as a trunk and the VLANs should be allowed over the trunk if you are using allowed VLAN lists.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts