09-17-2017 07:39 PM - edited 02-21-2020 06:18 AM
Hello,
I was hired to do some side hustle work recently which included setting up an ASA5506-X with Firepower Module. Let me preface this by saying that I haven't touched an ASA for 6-7 years so I'm a bit rusty. The initial setup went just fine and I was able to get it set up with a default route to give the two connected hosts internet access.
I ran into some issue though when attempting to use the "inside" interface in commands. For example, I wanted to give SSH access to any host on the inside network (ssh 192.168.10.0 255.255.255.0 inside) I would get an error back stating it was an ambiguous statement.
Similarly, I ran into an issue trying to configure a nat to an inside host using the following command:
nat (inside,outside) static xxx.xxx.xxx.xxx
I eventually ended up resolving it by specifying which inside port interface on which the host was connected:
nat (inside_4,outside) static xxx.xxx.xxx.xxx
Did I miss a step in the inital setup to make the ASA recognize the "inside" object or is it the result of the NGFW operating differently?
Thanks,
Jake
Solved! Go to Solution.
09-18-2017 12:52 AM - edited 09-18-2017 06:43 AM
Your observed behavior is the result of the new default-config with bridged inside interfaces:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/intro-start.html#concept_BE56002F4C3C4B478BDCC44A530076E0
Each "swichport" that belongs to the inside BVI has an individual nameif and is referenced individually.
09-17-2017 08:51 PM
09-18-2017 12:52 AM - edited 09-18-2017 06:43 AM
Your observed behavior is the result of the new default-config with bridged inside interfaces:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/intro-start.html#concept_BE56002F4C3C4B478BDCC44A530076E0
Each "swichport" that belongs to the inside BVI has an individual nameif and is referenced individually.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide