Showing results for 
Search instead for 
Did you mean: 


ASA interface config

Having some trouble which im sure is very fundamental....just trying to set the IP on my 2nd interface:

ASA5520(config-if)# ip address

Interface outside ip address or netmask not valid (

ERROR: ip address command failed


what am i missing here?


I cannnot makeout what you are missing in the sequence but following is the order you need to follow

hostname(config)# interface gigabitethernet0/1

hostname(config-if)# speed 1000

hostname(config-if)# duplex full

hostname(config-if)# nameif inside

hostname(config-if)# security-level 100

hostname(config-if)# ip address

hostname(config-if)# no shutdown

yea, the interface is named outside with security level of 0. even if speed and duplex were not set (which i will check tommorrow) doesnt the error I am getting indicate I am inputting an invalid address or netmask as part of the interface config?

The error is certainly saying you're entering an invalid IP adress/mask, although there's nothing actually wrong with what you're entering. The same commands enter fine on my ASA as follows:

ASA5510(config-if)# int e0/0

ASA5510(config-if)# ip address


I've sen this a couple of times when customers have tried defining inside inteface IP addresses and they also have DHCP enabled on the inside interface. Haven't seen it specifically on the outside int but try removing any DHCPD configuration from the ASA first, then define the IP address, then put your DHCP config back in.

There's a couple of bugs on this, can't remember the ID's specifically but I believe they're all fixed in the latest code so you might want to also upgrade to the latest code available here:

thanks, I think this DHCP bug is what im experiencing.

I upgraded to 7.0(4)5 and it allowed me to configure an IP on the interface. I had previously used it as a DHCP client and am now trying to set it up as a DHCP server on that interface (just testing the box right now so i will be using this for DHCP relay shortly as well).

so anyhow, now I am trying to anable a dhcpd server on that interface but it wont let me because it says it is configured as a dhcp client already. when I do a show dhcpd state it shows me information consistent with this but how can an interface be a DHCP client if I have a static IP configured on it?

how can I clear out this dhcp client config?


well I got it to work. Not sure if I was configuring it wrong or if this is still a buggy release.

I got that same "incorrect netmask" error again even when running the new version of os. Finally after a series of trying to remove the dhcp client config on the itnerface in question and rebooting, shutting down the interface and rebooting etc etc, I was able to configure an interface IP, set the dhcpd address pool, enable dhcpd on that interface, and then bring the interface up and all appears to be working.

Again I am not sure if this is due to my repeated attempts to get rid of the dhcp setting on the interface followed by reboots (most likely) or just due to finally entering the commands in the correct order (less likely).

either way, thanks for the help


Check your IP addresses, my issue was caused because I had mistyped an address and was fixed after I corrected the error.

After 14 years I hope the original poster has it figured out by now.

Content for Community-Ad