12-07-2017 08:05 PM - edited 02-21-2020 06:55 AM
hai all...... newbie here,
i got issue, when i change my ip firewall subnet besides 0/16 that core switch can't grab that ip..
my ip using here in network class A...
sorry for bad english
12-14-2017 10:50 AM
Hello Diley,
I hope you are fine!
From what I understand on your description when you change the ip of the interface of the firewall the switch cannot connect to it, could you pleas send the configuration changes, the mac of both interfaces (ASA and Switch) and a show arp of the asa.
12-21-2017 07:02 PM
hii Kornelia Gutierrez....
sorry for late feedback... got long training course....
yup, if i change my ip interface firewall other from /16 that coreswitch cant grab...
default route my core 0.0.0.0 0.0.0.0 10.38.50.2
my firewall ip 10.38.50.1/16
i need to change my ip firewall to 10.38.50.1/30
show arp asa? please enlighten me
01-05-2018 09:03 AM
Hi Diiey,
Sorry for the late response, I have been busy, on the ASA I would need you to run the following command:
show arp | in 10.38.50
Also could you please let me know what is the ip for the switch? I understand the ASA's ip is 10.38.50.1, who is 10.38.50.2?
Regards,
01-08-2018 09:01 PM
hai, Kornelia Gutierrez
thanks for your support....
hope this its what u need
SGBNTCCSW-J2.2-1#sh arp | in 10.38.50
Internet 10.38.50.2 - 000f.342a.46bf ARPA Vlan50
Internet 10.38.50.1 0 001e.4f27.41f7 ARPA Vlan50
SGBNTCCSW-J2.2-1#sh ip route
Gateway of last resort is 10.38.50.1 to network 0.0.0.0
19.0.0.0/29 is subnetted, 1 subnets
C 19.16.10.8 is directly connected, Vlan51
10.0.0.0/8 is variably subnetted, 20 subnets, 5 masks
C 10.38.52.0/27 is directly connected, Vlan52
C 10.38.51.0/29 is directly connected, Vlan53
C 10.38.10.0/24 is directly connected, Vlan10
C 10.37.1.0/30 is directly connected, Vlan54
C 10.38.50.0/29 is directly connected, Vlan50
C 10.38.110.0/23 is directly connected, Vlan110
C 10.38.101.0/24 is directly connected, Vlan101
C 10.38.124.0/24 is directly connected, Vlan124
C 10.38.125.0/24 is directly connected, Vlan125
C 10.38.120.0/24 is directly connected, Vlan120
C 10.38.121.0/24 is directly connected, Vlan121
C 10.38.122.0/24 is directly connected, Vlan122
C 10.38.123.0/24 is directly connected, Vlan123
C 10.38.116.0/24 is directly connected, Vlan116
C 10.38.117.0/24 is directly connected, Vlan117
C 10.38.118.0/24 is directly connected, Vlan118
C 10.38.119.0/24 is directly connected, Vlan119
C 10.38.112.0/24 is directly connected, Vlan112
C 10.38.113.0/24 is directly connected, Vlan113
C 10.38.114.0/24 is directly connected, Vlan114
S* 0.0.0.0/0 [1/0] via 10.38.50.1
interface Vlan50
description Transit
ip address 10.38.50.2 255.255.255.248
SGBNTCCSW-J2.2-1#sh interfaces vlan 50
Vlan50 is up, line protocol is up
Hardware is Ethernet SVI, address is 000f.342a.46bf (bia 000f.342a.46bf)
Description: Transit
Internet address is 10.38.50.2/29
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 2/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
core switch IP
interface Vlan10
description Management IP
ip address 10.38.10.254 255.255.255.0
01-09-2018 07:39 AM
Hi Diiey,
I think I know what the problem is, is about subnetting, please check the following:
When the ASA is configured with ip address 10.38.50.1/16 with mask /16, it is within this network range:
Network: 10.38.0.0/16
With a range of hosts from 10.38.0.1 to 10.38.255.254, within this range ip 10.38.50.1 (ASA's ip) and 10.38.10.254 (Core SW ip) resides on the same network space, for that reason they are able to communicate.
However when the ASA is configured with ip 10.38.0.1/30 with mask /30, ip 10.38.50.1 and ip 10.38.10.254 are no longer in the same network addressing space, since ASA ip address belongs to the following network range:
Network: 10.38.50.0/30
IP hosts range: 10.38.50.1 to 10.38.50.2 (from .1 to .2, son 10.38.10.254 is no longer in the picture)
For that reason they are not able to communicate, if you want to change the ASA subnet mask and still able to communicate to the core switch, then you should configure both ASA and SW with an ip address and subnet mask that belongs to the same network addressing space.
Hope this helps!
01-09-2018 08:59 PM
hai... Kornelia Gutierrez
thanks for your support....
very nice explanation, that mean i need change my ASA's ip to core switch range...
it should be 10.38.10.253/30 or 10.38.10.255/30 (ASA's ip) ?
01-09-2018 11:30 PM
Hi Diley,
Your ASA FW interface ip is 10.38.50.1/16 connected to your core sw vl 50 with ip 10.38.50.2/29.
On this scenario you have different broadcast address for the same subnet, so I suggest you to change your ASA FW ip address to /29, same with your core sw were is connected to or you can create two host between the ASA with Core SW so will be 10.38.50.1/30 and 10.38.50.2/30.
Hope this help!
Don't forget to rate to the correct answer and the helpful post.
Cheers
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide