New Member

Secondary IP on Outside Interface

Hi

Is it possible to have a secondary IP address on the OUTSIDE interface of an ASA 5540 8.0(4)? I am trying to get a new IP scheme for our network and I have 1200 tunnels terminating on this box. I want to gradually move them to the new IP address rather than replacing the IP of the OUTSIDE interface.

Thanks

9 REPLIES

Re: Secondary IP on Outside Interface

Both PIX and ASAs don't support secondary ip addresses.

Syed

New Member

Re: Secondary IP on Outside Interface

If I add another interface to the ASA and configure it with the new IP, can I terminate tunnels on this interface?

Gold

Re: Secondary IP on Outside Interface

Is the new IP address in the same subnet as the existing outside interface?

New Member

Re: Secondary IP on Outside Interface

No, it is a new subnet.

Gold

Re: Secondary IP on Outside Interface

Then use an unused interface, or create a subinterface and apply the new IP.

New Member

Re: Secondary IP on Outside Interface

OK

Today I have a route for outside going through the existing IP. When I add the new interface and IP, do I need to add any extra routing?

New Member

Re: Secondary IP on Outside Interface

On the ASA, there is only ONE default gw possible.

You have to add a static route for each site-to-site vpn (public IP and branch-LAN) to use the new WAN-interface.

New Member

Re: Secondary IP on Outside Interface

Is the following route correct? Also, do I have to name it "Outside" and give it the same security level as the existing "outside" interface?

"route add outside 172.17.2.0 255.255.255.0 19.x.x.x "

where 172.17.2.0 = LAN on the other side of tunnel and

19.x.x.x =public ip of my new interface

New Member

Re: Secondary IP on Outside Interface

If Outside is your new interface, here is your route statement.

route Outside 172.17.2.0 255.255.255.0

You don't want to route to your public interface, you want to route to the new interface's default route. Check out this example below for a full configuration idea.

2 interfaces: E1, E2

E1 is for all traffic but VPN

E2 is for VPN only

Default gateway for E1 is 77.0.0.1

Default gateway for E2 is 88.0.0.1

VPN peer is 65.0.0.1 255.255.255.255

VPN lan addresses 10.0.0.0 255.0.0.0

route E1 0.0.0.0 0.0.0.0 77.0.0.1

route E2 65.0.0.1 255.255.255.255 88.0.0.1

route E2 10.0.0.0 255.0.0.0 88.0.0.1
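Added example, not part of any reply in this thread: with many tunnels to move, the per-tunnel static routes described above (peer public IP plus branch LAN, via the new interface's gateway) can be generated from an inventory. The inventory layout, function names and the second and third tunnels are constructed for illustration; the `route` line format and the E2 / 88.0.0.1 / 65.0.0.1 / 10.0.0.0 values are the ones from the last reply.

```python
import ipaddress

def asa_routes(tunnels, ifname, gateway):
    """Build ASA 'route' lines sending each tunnel's peer and remote LANs via ifname."""
    gw = ipaddress.ip_address(gateway)
    seen, lines = set(), []
    for t in tunnels:
        nets = [ipaddress.ip_network(t["peer"] + "/32")]
        nets += [ipaddress.ip_network(n) for n in t["lans"]]  # rejects host bits set
        for net in nets:
            if net.prefixlen == 0:
                # Only one default gateway is possible; it stays on the first interface.
                raise ValueError("refusing to emit a second default route")
            if net in seen:        # same LAN listed twice: emit one route only
                continue
            seen.add(net)
            lines.append(f"route {ifname} {net.network_address} {net.netmask} {gw}")
    return lines

def conflicts(migrated, remaining):
    """Find LANs of not-yet-moved tunnels that overlap a migrated LAN route.

    Such traffic would follow the new static route out the new interface
    instead of the default route, and miss its tunnel on the old interface.
    """
    moved = [ipaddress.ip_network(n) for t in migrated for n in t["lans"]]
    hits = []
    for t in remaining:
        for n in t["lans"]:
            lan = ipaddress.ip_network(n)
            hits += [(t["peer"], str(lan), str(m)) for m in moved if lan.overlaps(m)]
    return hits

# Constructed inventory: first entry uses the values from the thread,
# the others use documentation address space.
MIGRATED = [
    {"peer": "65.0.0.1", "lans": ["10.0.0.0/8"]},
    {"peer": "203.0.113.10", "lans": ["172.17.2.0/24"]},
]
REMAINING = [
    {"peer": "198.51.100.7", "lans": ["10.20.0.0/16"]},   # sits inside 10.0.0.0/8
    {"peer": "198.51.100.9", "lans": ["192.168.50.0/24"]},
]

if __name__ == "__main__":
    for peer, lan, route in conflicts(MIGRATED, REMAINING):
        print(f"! conflict: {lan} (peer {peer}) is covered by migrated route {route}")
    print("\n".join(asa_routes(MIGRATED, "E2", "88.0.0.1")))
```

Any conflict reported should be resolved (for example by moving both tunnels together) before the generated routes are pasted into the ASA.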
