Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
918
Views
5
Helpful
2
Replies

Clarification on inside interface for ASA5506-X

Go to solution
ndjake
Level 1
Level 1

‎09-17-2017 07:39 PM - edited ‎02-21-2020 06:18 AM

Hello,

 

I was hired to do some side hustle work recently which included setting up an ASA5506-X with Firepower Module.  Let me preface this by saying that I haven't touched an ASA for 6-7 years so I'm a bit rusty.  The initial setup went just fine and I was able to get it set up with a default route to give the two connected hosts internet access.

 

I ran into some issue though when attempting to use the "inside" interface in commands.  For example, I wanted to give SSH access to any host on the inside network (ssh 192.168.10.0 255.255.255.0 inside) I would get an error back stating it was an ambiguous statement.

 

Similarly, I ran into an issue trying to configure a nat to an inside host using the following command:

nat (inside,outside) static xxx.xxx.xxx.xxx

I eventually ended up resolving it by specifying which inside port interface on which the host was connected:

nat (inside_4,outside) static xxx.xxx.xxx.xxx

 

Did I miss a step in the inital setup to make the ASA recognize the "inside" object or is it the result of the NGFW operating differently?

Thanks,

Jake

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎09-18-2017 12:52 AM - edited ‎09-18-2017 06:43 AM

Your observed behavior is the result of the new default-config with bridged inside interfaces:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/intro-start.html#concept_BE56002F4C3C4B478BDCC44A530076E0
Each "swichport" that belongs to the inside BVI has an individual nameif and is referenced individually.

View solution in original post

2 Replies 2

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎09-17-2017 08:51 PM

I suspect your SSH issue might be because you have multiple interfaces starting with the name inside. A software upgrade might fix that.
0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎09-18-2017 12:52 AM - edited ‎09-18-2017 06:43 AM

Your observed behavior is the result of the new default-config with bridged inside interfaces:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/intro-start.html#concept_BE56002F4C3C4B478BDCC44A530076E0
Each "swichport" that belongs to the inside BVI has an individual nameif and is referenced individually.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card