VLAN on ASA 5520

Unanswered Question
Feb 16th, 2009

Good afternoon guys,

I'd like to do a vlan with 2 interfaces and just one IP, can I do it?

Jon Marshall Mon, 02/16/2009 - 10:10

Denis

Could you give a few more details?

You can use transparent mode where you have 2 vlans with one IP but by the sounds of it this is not what you want.

Are you asking if the ASA can support IRB (Integrated Routing/Bridging) where 2 interfaces on your ASA are in the same vlan and share an IP address?

Jon

Jon Marshall Mon, 02/16/2009 - 11:40

Denis

I'm not aware of the ASA supporting the likes of IRB but then I have never found the need to configure it so I'm not 100% certain on that. I have had a quick look at the configuration docs and couldn't find anything other than transparent mode which is slightly different, i.e. you bridge together 2 vlans.

Unfortunately I don't have access to an ASA to test but I don't think this is supported.

Jon

denaumcisco Mon, 02/16/2009 - 11:55

Well, I need to link 2 computers into the ASA using necessarily 2 ASA's interfaces.

and I need to put the same IP address on both interfaces, because the computers have the same configuration

Anybody?

denaumcisco Mon, 02/16/2009 - 12:33

I need to do a vpn between two ASA 5520 with the basic IOS, can I do it?

denaumcisco Wed, 02/18/2009 - 15:03

Mike,

Do you have a configuration for me to do a vpn between 2 ASA 5520?

I tried to use some commands from the guide that you sent to me, but without success

denaumcisco Thu, 02/19/2009 - 03:13

Anybody has a configuration for me to do a vpn between 2 ASA 5520?

I tried to use some commands from the guide isakmp/ipsec, but without success

And a solution to a backup route, I found the command "track" on the internet, but it didn't work on 5520

thanks

denaumcisco Thu, 02/19/2009 - 03:24

Here is the vpn configuration and the results

crypto isakmp policy 10 hash md5

crypto isakmp policy 10 authentication pre-share

crypto isakmp enable outside

crypto map mymap 10 match address 100

access-list 100 permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0

crypto ipsec transform-set myset esp-des esp-hd5-hmac

crypto map mymap 10 set peer 10.22.12.22

crypto map mymap 10 set transform-set myset

crypto map mymap interface outside

Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)

Total IKE SA: 1

1 IKE Peer: 10.12.28.5

Type : user Role : initiator

Rekey : no State : MM_WAIT_MSG4

robertson.michael Thu, 03/12/2009 - 14:53

Hi Dennis,

Can you post the configurations on both sides of the tunnel? Many of the settings must match. Here is an example that should at least bring the tunnel up:

ASA1:

crypto isakmp policy 10 hash md5

crypto isakmp policy 10 authentication pre-share

crypto isakmp policy 10 encryption des

crypto isakmp policy 10 group 2

crypto isakmp policy 10 lifetime 86400

crypto isakmp enable outside

crypto map mymap 10 match address 100

access-list 100 permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map mymap 10 set peer 10.22.12.22

crypto map mymap 10 set transform-set myset

crypto map mymap 10 set pfs

crypto map mymap interface outside

ASA2:

crypto isakmp policy 10 hash md5

crypto isakmp policy 10 authentication pre-share

crypto isakmp policy 10 encryption des

crypto isakmp policy 10 group 2

crypto isakmp policy 10 lifetime 86400

crypto isakmp enable outside

crypto map mymap 10 match address 100

access-list 100 permit ip 172.16.1.0 255.255.255.0 172.16.3.0 255.255.255.0

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map mymap 10 set peer 10.22.12.21

crypto map mymap 10 set transform-set myset

crypto map mymap 10 set pfs

crypto map mymap interface outside

As I mentioned, if you are still having trouble, please post your existing configs that exist on each side of the tunnel.

Hope that helps.

-Mike
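
Added example, not part of any post in this thread: a small Python check that compares the two ends of a site-to-site tunnel for the settings the example above keeps identical or mirrored (ISAKMP policy values, transform set, PFS, crypto ACL). The sample input is constructed from the example configs in the thread; the function names and the single-policy assumption are the example's own.

```python
# Constructed sample: the lines from the thread's example configs that the check reads.
TEMPLATE = """\
crypto isakmp policy 10 hash md5
crypto isakmp policy 10 authentication pre-share
crypto isakmp policy 10 encryption des
crypto isakmp policy 10 group 2
crypto isakmp policy 10 lifetime 86400
access-list 100 permit ip {local} 255.255.255.0 {remote} 255.255.255.0
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 set pfs
"""
ASA1 = TEMPLATE.format(local="172.16.3.0", remote="172.16.1.0")
ASA2 = TEMPLATE.format(local="172.16.1.0", remote="172.16.3.0")

def parse(cfg):
    """Collect the per-side tunnel settings (assumes one ISAKMP policy and one crypto map)."""
    out = {"isakmp": {}, "transform": frozenset(), "acl": set(), "pfs": False}
    for line in cfg.splitlines():
        w = line.split()
        if w[:3] == ["crypto", "isakmp", "policy"] and len(w) >= 6:
            out["isakmp"][w[4]] = " ".join(w[5:])
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            out["transform"] = frozenset(w[4:])
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            out["acl"].add(tuple(w[4:8]))  # (src, src_mask, dst, dst_mask)
        elif w[:2] == ["crypto", "map"] and w[4:6] == ["set", "pfs"]:
            out["pfs"] = True
    return out

def mismatches(cfg_a, cfg_b):
    """Return a list of settings that differ between the two tunnel ends."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    # A value of None means the line is absent, so the device default applies on that side.
    for key in sorted(set(a["isakmp"]) | set(b["isakmp"])):
        va, vb = a["isakmp"].get(key), b["isakmp"].get(key)
        if va != vb:
            problems.append(f"isakmp {key}: {va} vs {vb}")
    if a["transform"] != b["transform"]:
        problems.append("transform-set differs")
    if a["pfs"] != b["pfs"]:
        problems.append("pfs set on one side only")
    mirrored = {(d, dm, s, sm) for (s, sm, d, dm) in b["acl"]}
    if a["acl"] != mirrored:
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__":
    print(mismatches(ASA1, ASA2) or "settings match")
```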
