02-16-2009 10:02 AM - edited 03-11-2019 07:51 AM
Good afternoon guys,
I'd like to do a vlan with 2 interfaces and just one IP, can I do it?
02-16-2009 10:10 AM
Denis
Could you give a few more details.
You can use transparent mode where you have 2 vlans with one IP but by the sounds of it this is not what you want.
Are you asking if the ASA can support IRB (Intergrated Routing/Bridging) where 2 interfaces on your ASA are in the same vlan and share an IP address ?
Jon
02-16-2009 10:51 AM
Yes Jon, something like IRB
02-16-2009 11:40 AM
Denis
I'm not aware of the ASA supporting the likes of IRB but then i have never found the need to configure it so i'm not 100% certain on that. I have had a quick look at the configuration docs and couldn't find anything other than transparent mode which is slightly different ie. you bridge together 2 vlans.
Unfortunately i don't have access to an ASA to test but i don't think this is supported.
Jon
02-16-2009 11:55 AM
Well, I need to link 2 computers into the ASA using necessarily 2 ASA's interfaces.
and I need to put the same IP address on both interfaces, because the computers have the same configuration
Anybody?
02-16-2009 12:33 PM
I need to do a vpn between two ASA 5520 with the basic IOS, can I do it?
02-16-2009 07:12 PM
Hi Denis,
In response to your second question: yes, you can configure a basic VPN tunnel between two ASA's. Take a look at the following link for more details and configuration examples:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ike.html
Hope that helps.
-Mike
02-18-2009 03:03 PM
Mike,
Do you have a configuration for me to do a vpn between 2 ASA 5520?
I tried use some commands from the guide that u sent to me , but without sucess
02-19-2009 03:13 AM
Anybody has a configuration for me to do a vpn between 2 ASA 5520?
I tried use some commands from the guide isakmp/ipsec , but without sucess
And a solution to a backup route, I found the command "track" on the internet, but didnt work on 5520
thanks
02-19-2009 03:24 AM
Here is the vpn configuration and the results
crypto isakmp policy 10 hash md5
crypto isakmp policy 10 authentication pre-share
crypto isakmp enable outside
crypto map mymap 10 match address 100
access-list 100 permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0
crypto ipsec transform-set myset esp-des esp-hd5-hmac
crypto map mymap 10 set peer 10.22.12.22
crypto map mymap 10 set transform-set myset
crypto map mymap interface outside
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 10.12.28.5
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG4
03-12-2009 02:53 PM
Hi Dennis,
Can you post the configurations on both sides of tunnel? Many of the settings much match. Here is an example that should at least bring the tunnel up:
ASA1:
crypto isakmp policy 10 hash md5
crypto isakmp policy 10 authentication pre-share
crypto isakmp policy 10 encryption des
crypto isakmp policy 10 group 2
crypto isakmp policy 10 lifetime 86400
crypto isakmp enable outside
crypto map mymap 10 match address 100
access-list 100 permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 set peer 10.22.12.22
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set pfs
crypto map mymap interface outside
ASA2:
crypto isakmp policy 10 hash md5
crypto isakmp policy 10 authentication pre-share
crypto isakmp policy 10 encryption des
crypto isakmp policy 10 group 2
crypto isakmp policy 10 lifetime 86400
crypto isakmp enable outside
crypto map mymap 10 match address 100
access-list 100 permit ip 172.16.1.0 255.255.255.0 172.16.3.0 255.255.255.0
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 set peer 10.22.12.21
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set pfs
crypto map mymap interface outside
As I mentioned, if you are still having trouble, please post your existing configs that exist on each side of the tunnel.
Hope that helps.
-Mike
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: