After upgrading to 9.0(3) from 8.4(6), I noticed the standby firewall was not receiving the "ip address" statement for the outside interface from the primary, even after a force resync. After applying the statement on the standby manually, it began responding again. I performed the failover, and the same thing happened on the primary (formally active) firewall after arriving at 9.0(3). Once again I applied the workaround on the standby appliance and it began working. If I reload the standby, it will boot with no outside interface IP address (even after making sure I do a wr mem).
After fiddling with it a bit, if I (re)apply the "ip address" statement on the interface config of the ACTIVE unit, i get the following message:
ip address x..x.236.210 255.255.255.240 standby x.x.236.211
ERROR: Failed to apply IP address to interface Ethernet0/0, as the network overlaps with interface Virtual254. Two interfaces cannot be in the same subnet.
What is this Virtual254 interface? Are there any workarounds/remedies for this? Google did not help me on this one.
Re: IP Overlap with "Virtual254" after 9.0(3) Upgrade
I recently upgraded our ASA 5510 to from 8.4 to 9.1 and then reset it. I am getting this exact same error. I'm trying to assign an ip address to an interface, and even though I have started this configuration over completely from scratch I get that same error. I don't think that there is any possible way that I have the same subnet configured somewhere else.
A simple reboot of the ASA fixed the problem for me. I guess interface Virtual254 is used for port channels. I didn't have any configured on it, but we previously did before I performed the upgrade and reset it back to factory defaults. Some process must have gotten stuck during the upgrade, the reboot fixed it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...