cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2791
Views
0
Helpful
6
Replies

ASA 5540 internal secondary address possible?

rwiechman
Level 1
Level 1

Is it possible to add a secondary address to an internal interface in order to combine two internal lans on the same physical one, like you can do with most l3 routers?

Thanks,  Roger

6 Replies 6

YANGCCIE4
Level 1
Level 1

Hi,

>Is it possible to add a secondary address to an internal interface   ------------ do you mean to a pc or a server NIC  , ---- YES. we can set a second ip address for the other LAN

>in  order to combine two internal lans on the same physical one, like you  can do with >most l3 routers?

hope it helps

Yang

On a traditional router, you can do this to have a shared lan:

Interface g0/0

  IP address 10.10.10.1 255.255.255.0

  IP address 10.20.20.1 255.255.255.0 secondary

allowing hosts using either address range to use the same routed interface, and

share the same physical lan.

I don't see any way to do something similar with an internal asa interface, which

would be very helpful to expand the size of an internal network.

Roger

can we use the sub-interface instead of  one interface with second ip address,

I guess it would be more clear for the network design, right ?

hope it helps

Yang

Well, a sub-interface is a fully functional second lan.  This is not what I need to accomplish

my intended use.

Roger

vilaxmi
Cisco Employee
Cisco Employee

Hello,

Cisco ASAs are not designed to support secondary addresses at this point.

May the developers see the customer's demands online..

HTH

Vijaya

People with this requirement point the route to the interface IP in which case FW will arp for the destination IP.

Pls. read command reference here:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/qr.html#wp1767323

If the route command uses the IP address from one of the interfaces on the security appliance as the gateway IP address, the security appliance will ARP for the destination IP address in the packet instead of ARPing for the gateway IP address.

-KS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: