Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
4152
Views
1
Helpful
2
Replies
pravin.naidu
pravin.naidu Beginner
Beginner
‎11-25-2012 10:56 PM
‎11-25-2012 10:56 PM

How to Configure Secondary IP on inside interface of ASA 5520

Hi, We already have a subnet defined to inside interface and is in produciton. the default gateway is this interface ip. In that setup now I have to add one more subnet and as the first subnet is been defined in ASA indside interface, I have to assign secondary Ip to the inside interface so that new subnet users can easily reach here and go outside.

MY ASA is not internet facing but is facing my private MPLS cloud.

Kindly advice

Labels:
0 Helpful
Reply
2 REPLIES 2
Highlighted
Jouni Forss
Jouni Forss Mentor
Mentor
‎11-25-2012 11:59 PM
‎11-25-2012 11:59 PM

Re: How to Configure Secondary IP on inside interface of ASA 552

Hi,

I have run into situation where this would have been usefull but I have always gone with a different setup and not configured any secondary networks under one interface.

If you are indeed configuring another subnet under the same LAN interface I guess you can do it a few commands. I'm not sure if theres been some changes to the ASA software that might cause problems.

To my understanding the configuration used to be like this

  • Existing subnet: 192.168.1.0/24
  • ASA Interface IP: 192.168.1.1

  • New subnet: 192.168.2.0/24
  • ASA Interface IP: 192.168.2.1

Commands

  • arp inside 192.168.2.1 1234.5678.90ab alias
  • route inside 192.168.2.0 255.255.255.0 192.168.1.1
  • same-security-traffic permit intra-interface

I would expect this has limitations but I can't say for sure as I have never resorted to it myself. It might not even work anymore depending on your software. I would suggest looking at the whole network setup, perhaps handling this with a real router instead of ASA. Perhaps configuring a Trunk between ASA and some LAN Switch and creating a separate ASA interface for both subnets.

But this is just my personal suggestion. I always try to keep things simple and avoid special setups. In the long run you might either be causing a bigger headache for yourself or just end up doing the change which would have been best in the first place

- Jouni

Reply
Highlighted
f.renault
f.renault Beginner
Beginner
‎04-19-2016 06:13 AM
‎04-19-2016 06:13 AM

IOS 9.2(3)4

IOS 9.2(3)4

Invalid next hop address 192.168.1.1, it matches our IP address.

0 Helpful
Reply
Latest Contents
cisco duo integration anyconnect ssl vpn
Created by elite2010 on 04-05-2020 10:59 AM
0
0
0
0
Hi,I was trying to 2fa cisco duo , all the required settings done  as per below . The problem is duo cloud  does nti not getting any request from the asa . So I am not getting any code from the duo https://www.youtube.com/watch?v=6nEvmc8wji... view more
Community Ask Me Anything event- Configuration, Troubleshoot...
Created by ciscomoderator on 04-03-2020 05:38 PM
0
0
0
0
This event continues the conversation of our recent Community Ask Me Anything event "Secure Remote Workers". To   participate   in this event, please use the   button   to ask your questions Here’s your ch... view more
Cognitive Release Note, March 2020: Additional annotations i...
Created by aligarci on 04-02-2020 12:05 PM
0
5
0
5
User Experience Enhancements As part of the Cisco Common User Experience program, we are working towards a more uniform user experience and terminology alignment. This program runs across all Cisco security products.   Early Access introduces a... view more
Initial AnyConnect Configuration for FTD managed by FMC
Created by jgrudier on 04-01-2020 07:12 PM
12
15
12
15
  This video features a step by step walk through of configuring Cisco AnyConnect on FTD managed by FMC. Timestamps included for certificate installation, Access Control, Licensing, NAT, and Deployment failures.
Certificate Signing
Created by Tyche on 04-01-2020 01:02 PM
2
0
2
0
I am trying to solve a CSR signing issue in a home lab.Can someone  clarify this theoretical point? According to Wikipedia: "Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Spotlight Awards- February 2020

Follow our Social Media Channels