Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1741
Views
6
Helpful
10
Replies

ASA interface Subnet

Go to solution
M.Sultan
Spotlight
Spotlight

‎09-23-2023 04:08 PM

Hello guys

I'm on ASA firewall, to assign IP for two interface- 1-int inside and the other is 2-int outside 

for inside int 192.168.10.20 255.255.255.0 and outside int 192.168.10.20 255.255.255.0,it pops the below sys log message. 

Failed to apply IP address to interface GigabitEthernet0/0, as the network overlaps with
the interface GigabitEthernet0/2. Two interfaces cannot be in the same subnet.

Does ASA make decision by looking to the subnet mask and doesn't care of IP network portion to differentiate  ?

what is the solution for this ?

Thank you 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to M.Sultan

‎09-25-2023 02:06 AM

I do understand what you are trying to achieve. However, there is some configuration on your device that makes ASA to believe you are overlapping with existing configuration. Based on what you wrote here and your previous warning message, it looks to me that scope 192.168.10.0/24 is already used on Gi0/2, while you are trying to configure it on Gi0/0 now.

Kind regards,

Milos

View solution in original post

10 Replies 10

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-24-2023 12:03 AM

You can not use same IP address  inside and outside ( that is not accepted)

Why do you need same IP address space inside and outside ?

Does ASA make decision by looking to the subnet mask and doesn't care of IP network portion to differentiate  ?  - yes it does.

you can subnet 192.168.10.0/24 in to /25 and use same subnet inside (first half )and outside.(second half).

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
M.Sultan
Spotlight
Spotlight
In response to balaji.bandi

‎09-25-2023 01:35 AM

for inside int 192.168.20.20 255.255.255.0 and outside int 192.168.10.20 255.255.255.0,it pops the below sys log message. 

Failed to apply IP address to interface GigabitEthernet0/0, as the network overlaps with
the interface GigabitEthernet0/2. Two interfaces cannot be in the same subnet.

 

there was an error sorry not the same subnet one is 192.168.20.20 255.255.255.0 and the other is 192.168.10.20 255.255.255.0 two different networks.

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎09-24-2023 12:09 AM

The asa is work as router so role apply to router apply to asa.

Why you want same IP in inside and outside interface?

 

You can config asa as transparent and hence inside and outside can share same subnet (not same IP)

Go to solution
M.Sultan
Spotlight
Spotlight
In response to MHM Cisco World

‎09-25-2023 01:35 AM

for inside int 192.168.20.20 255.255.255.0 and outside int 192.168.10.20 255.255.255.0,it pops the below sys log message. 

Failed to apply IP address to interface GigabitEthernet0/0, as the network overlaps with
the interface GigabitEthernet0/2. Two interfaces cannot be in the same subnet.

 

there was an error sorry not the same subnet one is 192.168.20.20 255.255.255.0 and the other is 192.168.10.20 255.255.255.0 two different networks.

0 Helpful

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to M.Sultan

‎09-25-2023 01:43 AM

Hi @M.Sultan,

Could you please post the output of the "show run interface" command, for Gi0/0 and Gi0/2? If what you wrote is correct, I see no overlaps, thus no reason for ASA to give you that message. Could it be that mask is /23 on one interface?

Kind regards,

Milos

Go to solution
M.Sultan
Spotlight
Spotlight
In response to Milos_Jovanovic

‎09-25-2023 01:50 AM

Resolving confusion :

Imagine an ASA firewall, inside = interface gig0/0 ip add 192.168.10.20 255.255.255.0 

outside= interface gig0/1 ip add 192.168.20.20 255.255.255.0

it says overlap while it should'nt because i use two different network IPs not the same IP.

0 Helpful

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to M.Sultan

‎09-25-2023 02:06 AM

I do understand what you are trying to achieve. However, there is some configuration on your device that makes ASA to believe you are overlapping with existing configuration. Based on what you wrote here and your previous warning message, it looks to me that scope 192.168.10.0/24 is already used on Gi0/2, while you are trying to configure it on Gi0/0 now.

Kind regards,

Milos

Go to solution
M.Sultan
Spotlight
Spotlight
In response to Milos_Jovanovic

‎09-25-2023 01:50 AM

Resolving confusion :

Imagine an ASA firewall, inside = interface gig0/0 ip add 192.168.10.20 255.255.255.0 

outside= interface gig0/1 ip add 192.168.20.20 255.255.255.0

it says overlap while it should'nt because i use two different network IPs not the same IP.

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to M.Sultan

‎09-25-2023 01:44 AM

Share output of 

Show interface ip breif 

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to M.Sultan

‎09-25-2023 07:06 AM 

 inside int 192.168.20.20 255.255.255.0 and outside int 192.168.10.20 255.255.255.0

if the 3rd octet changed that should work - until the config already applied and you try to use same IP it will not work

check interface config make sure when you configuration doing do not overlap same subnet.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card