Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5505 outside IP address overlapp with inside

This is our situation. On the outside interface we have  ip add which we translated in ip add on inside interface. Also this host on LAN has secondary address How configure on ASA when internal clients ping or access to  use it on inside interface not going to outside. Note: other similar devices use alias command. Is ti possible configurie on ASA?

Any help!

Community Member

Re: ASA 5505 outside IP address overlapp with inside


It looks like what you are wanting to do is a u-turn/hairpinning. This is also assuming you are running 8.2 or earlier.

From what I gather you need to ping a device with two IP addresses:

1. To its primary IP (This works now I assume)

2. To its secondary IP (This does not work, again assumption)

but the problem right now you don't want it to take the default route outside when pinging

For the sake of example, lets say is on the inside and we want to u-turn on this interface.

Here is the configuration we would need.

same-security-traffic permit intra-interface //This allows us to go from inside to inside

nat (inside) 1 //Most configurations already have this just make sure that the nat ID (1 in this case) matches the global below

global (inside) 1 interface //This allows the ASA to act as a proxy between the hosts to avoid asymmetric routing

static (inside,inside) netmask // This is used to do identity destination NAT

You can see another example of this configuration below

CreatePlease to create content