
VLAN on ASA 5520

denaumcisco
Level 1

Good afternoon guys,

I'd like to do a vlan with 2 interfaces and just one IP, can I do it?

10 Replies

Jon Marshall
Hall of Fame

Denis

Could you give a few more details?

You can use transparent mode where you have 2 vlans with one IP but by the sounds of it this is not what you want.

Are you asking if the ASA can support IRB (Integrated Routing/Bridging) where 2 interfaces on your ASA are in the same vlan and share an IP address?

Jon

Yes Jon, something like IRB

Denis

I'm not aware of the ASA supporting the likes of IRB but then I have never found the need to configure it so I'm not 100% certain on that. I have had a quick look at the configuration docs and couldn't find anything other than transparent mode which is slightly different, i.e. you bridge together 2 vlans.

Unfortunately I don't have access to an ASA to test but I don't think this is supported.

Jon

Well, I need to link 2 computers into the ASA using necessarily 2 ASA's interfaces.

And I need to put the same IP address on both interfaces, because the computers have the same configuration.

Anybody?

I need to do a vpn between two ASA 5520 with the basic IOS, can I do it?

Hi Denis,

In response to your second question: yes, you can configure a basic VPN tunnel between two ASAs. Take a look at the following link for more details and configuration examples:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ike.html

Hope that helps.

-Mike

Mike,

Do you have a configuration for me to do a vpn between 2 ASA 5520?

I tried to use some commands from the guide that you sent to me, but without success.

Does anybody have a configuration for me to do a vpn between 2 ASA 5520?

I tried to use some commands from the isakmp/ipsec guide, but without success.

And a solution for a backup route: I found the command "track" on the internet, but it didn't work on the 5520.

thanks

Here is the vpn configuration and the results

crypto isakmp policy 10 hash md5

crypto isakmp policy 10 authentication pre-share

crypto isakmp enable outside

crypto map mymap 10 match address 100

access-list 100 permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0

crypto ipsec transform-set myset esp-des esp-hd5-hmac

crypto map mymap 10 set peer 10.22.12.22

crypto map mymap 10 set transform-set myset

crypto map mymap interface outside

Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)

Total IKE SA: 1

1 IKE Peer: 10.12.28.5

Type : user Role : initiator

Rekey : no State : MM_WAIT_MSG4

Hi Denis,

Can you post the configurations on both sides of the tunnel? Many of the settings must match. Here is an example that should at least bring the tunnel up:

ASA1:

crypto isakmp policy 10 hash md5

crypto isakmp policy 10 authentication pre-share

crypto isakmp policy 10 encryption des

crypto isakmp policy 10 group 2

crypto isakmp policy 10 lifetime 86400

crypto isakmp enable outside

crypto map mymap 10 match address 100

access-list 100 permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map mymap 10 set peer 10.22.12.22

crypto map mymap 10 set transform-set myset

crypto map mymap 10 set pfs

crypto map mymap interface outside

ASA2:

crypto isakmp policy 10 hash md5

crypto isakmp policy 10 authentication pre-share

crypto isakmp policy 10 encryption des

crypto isakmp policy 10 group 2

crypto isakmp policy 10 lifetime 86400

crypto isakmp enable outside

crypto map mymap 10 match address 100

access-list 100 permit ip 172.16.1.0 255.255.255.0 172.16.3.0 255.255.255.0

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map mymap 10 set peer 10.22.12.21

crypto map mymap 10 set transform-set myset

crypto map mymap 10 set pfs

crypto map mymap interface outside

As I mentioned, if you are still having trouble, please post your existing configs that exist on each side of the tunnel.

Hope that helps.

-Mike
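Added example, not part of the thread and not Cisco tooling: a Python check of the "settings must match" point, run over the ASA1/ASA2 values posted above. The function names and the `BAD2` variant are constructed for illustration, and it assumes one ISAKMP policy and one crypto ACL per config.

```python
# Settings taken from the ASA1 example in the thread (tunnel-relevant lines only).
ASA1 = """\
crypto isakmp policy 10 hash md5
crypto isakmp policy 10 authentication pre-share
crypto isakmp policy 10 encryption des
crypto isakmp policy 10 group 2
crypto isakmp policy 10 lifetime 86400
access-list 100 permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 set peer 10.22.12.22
crypto map mymap 10 set pfs
"""
# ASA2 as posted: same policy, mirrored ACL, peer pointing back at ASA1.
ASA2 = (ASA1.replace("172.16.3.0 255.255.255.0 172.16.1.0", "172.16.1.0 255.255.255.0 172.16.3.0")
            .replace("peer 10.22.12.22", "peer 10.22.12.21"))
# Constructed broken peer: different IKE encryption, ACL copied instead of mirrored.
BAD2 = ASA1.replace("encryption des", "encryption 3des")
MUST_MATCH = ("authentication", "encryption", "group", "hash")  # lifetime may differ

def parse(cfg):
    """Pull the settings that both peers have to agree on out of ASA config text."""
    s = {"isakmp": {}, "acl": (), "tset": (), "pfs": False}
    for t in (line.split() for line in cfg.splitlines()):
        if t[:3] == ["crypto", "isakmp", "policy"] and len(t) == 6:
            s["isakmp"][t[4]] = t[5]
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"] and len(t) == 8:
            s["acl"] = tuple(t[4:])            # (src, src mask, dst, dst mask)
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            s["tset"] = tuple(sorted(t[4:]))
        elif t[:2] == ["crypto", "map"] and t[4:] == ["set", "pfs"]:
            s["pfs"] = True
    return s

def mismatches(cfg_a, cfg_b):
    """List the differences between two peers' phase 1 / phase 2 settings."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = [f"isakmp {k}: {a['isakmp'].get(k)} vs {b['isakmp'].get(k)}"
           for k in MUST_MATCH
           if a["isakmp"].get(k) != b["isakmp"].get(k)]
    if a["tset"] != b["tset"]:
        out.append("transform-set differs")
    if a["pfs"] != b["pfs"]:
        out.append("pfs set on one side only")
    if a["acl"][2:] + a["acl"][:2] != b["acl"]:
        out.append("crypto ACLs are not mirror images")
    return out

if __name__ == "__main__":
    print(mismatches(ASA1, ASA2), mismatches(ASA1, BAD2))
```

The sample keeps the DES, MD5 and group 2 values exactly as posted in the thread; all three are obsolete choices, and the comparison works the same for stronger proposals.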
