Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1182
Views
0
Helpful
5
Replies

ASA5520 DMZ sub-interfaces ip address error

Go to solution
dchen0999
Level 1
Level 1

‎06-21-2011 10:57 AM - edited ‎03-11-2019 01:48 PM

Hi,

I get the following ip addressing error. Please help.

ERROR: Failed to apply IP Address to interface g0/2.2, as the network overlaps with int g0/2.1. Two interfaces can not be in the same subnet.

!
int g0/2
nameif DMZ
no security-level
no ip add
!

int g0/2.1
vlan 11

security-level 50

ip add 10.10.10.1 255.255.255.192  /26

!

int g0/2/.2
vlan 12

security-level 50

ip add 10.10.10.65 255.255.255.128  /25
!

int g0/2.3
vlan 13

security-level 50
ip add 10.10.10.193 255.255.255.192   /26

!

Thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Loren Kolnes
Cisco Employee
Cisco Employee

‎06-21-2011 11:05 AM

Hi,

You are getting the error because the 2 networks do overlap.

10.10.10.0 /26

Host range - 10.10.10.1 - 10.10.10.62

10.10.10.65 /25 with this netmask the network that 10.10.10.65 belongs to is 10.10.10.0/25

Host range - 10.10.10.1 - 10.10.10.126

Hope this helps.

Regards,

Loren

View solution in original post

0 Helpful

Go to solution
Loren Kolnes
Cisco Employee
Cisco Employee
In response to dchen0999

‎06-21-2011 11:20 AM

Hi,

The /25 mask puts interface Gig0/2.2 in the same subnet as Gig0/2.1.

There is no command that would allow this on the ASA.

The ip classless command on the router would not help here, the 2 networks overlap.

Here is what I did on a router in the lab:

router(config)#ip classless

router(config)#int loop 100

router(config-if)#ip add 10.10.10.1 255.255.255.192

router(config-if)#exit

router(config)#int loop 101

router(config-if)#ip add 10.10.10.65 255.255.255.128

% 10.10.10.0 overlaps with Loopback100

Is the /25 netmask supposed to be /26?

Thanks,

Loren

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Loren Kolnes
Cisco Employee
Cisco Employee

‎06-21-2011 11:05 AM

Hi,

You are getting the error because the 2 networks do overlap.

10.10.10.0 /26

Host range - 10.10.10.1 - 10.10.10.62

10.10.10.65 /25 with this netmask the network that 10.10.10.65 belongs to is 10.10.10.0/25

Host range - 10.10.10.1 - 10.10.10.126

Hope this helps.

Regards,

Loren

0 Helpful

Go to solution
dchen0999
Level 1
Level 1
In response to Loren Kolnes

‎06-21-2011 11:09 AM

Yes, I fully understand. Any fix, like ip classless, or no subnet-zero on ASA, advertize the route on eigrp. I check ip classless only works on cisco routers, not ASA.

Thanks Loren.

0 Helpful

Go to solution
dchen0999
Level 1
Level 1
In response to dchen0999

‎06-21-2011 11:13 AM

10.10.10.0/26
Host range - 10.10.10.1-63, 64-127, 128-191, 192-254

10.10.10.0/25
Host range - 10.10.10.1-127, 128-254

0 Helpful

Go to solution
Loren Kolnes
Cisco Employee
Cisco Employee
In response to dchen0999

‎06-21-2011 11:20 AM

Hi,

The /25 mask puts interface Gig0/2.2 in the same subnet as Gig0/2.1.

There is no command that would allow this on the ASA.

The ip classless command on the router would not help here, the 2 networks overlap.

Here is what I did on a router in the lab:

router(config)#ip classless

router(config)#int loop 100

router(config-if)#ip add 10.10.10.1 255.255.255.192

router(config-if)#exit

router(config)#int loop 101

router(config-if)#ip add 10.10.10.65 255.255.255.128

% 10.10.10.0 overlaps with Loopback100

Is the /25 netmask supposed to be /26?

Thanks,

Loren

0 Helpful

Go to solution
dchen0999
Level 1
Level 1
In response to Loren Kolnes

‎06-21-2011 12:53 PM

Thank you Loren.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card