Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2373
Views
0
Helpful
3
Replies

ASA5520 - management interface

julxu
Level 1
Level 1

‎02-25-2007 04:32 PM - edited ‎03-09-2019 05:28 PM

I have a problem to configure management interface.

What I did is:

route outside-admin 0.0.0.0 0.0.0.0 10.1.1.1 1

route management myserver 255.255.255.255 10.1.83.1 1

I expected it should allowed me to access thought myserver by management and the rest machine in subnet 10.1.83.0/24 should go by default.

However, all PC in internal LAN can not get connection on subnet 10.1.83.0/24.

I tried to remove the route mnagement, but, I can not reach the ip anymore.

Can I make the management interface as a normal interface which allowed me to access, but not a route interface, as CSS do?

Any comments will be appreciated

Thanks in advance

Labels:
0 Helpful
3 Replies 3

jgervia_2
Level 1
Level 1

‎02-25-2007 07:29 PM

Hello,

Trying to understand what you want to do here. You want to route a single IP address through your management interface -

1) make sure that under the interface configuration for managment you do a 'no management-only' so that the interface will route traffic

2) Now the second part is you want myserver to go out the management server to 10.1.83.1, which looks right.

3) The only question I have now is that it looks to me like the 10.1.83.x network is off the management interface - otherwise how could you route to .1? If you expect everything else to go out the default route you need to make sure the subnet mask for the management interface is correct.

--Jason

0 Helpful

julxu
Level 1
Level 1
In response to jgervia_2

‎02-25-2007 07:56 PM

Thanks for reply.

What I want is to configure:

1. all ssh session to the box, managent traffic, such as asdm traffic, box's snmp traffic all go to management interface to myserver.

2. the rest traffic go to outside interface.

Obviously, I configure this wrongly. So the result becomes that the subnet which myserver is located, can not be see by internal LAN.

How can I correct it?

Pls advice, Many thanks.

0 Helpful

kaachary
Cisco Employee
Cisco Employee
In response to julxu

‎02-26-2007 02:09 AM

Hi,

The management interface is meant only for management traffic, it can not pass through traffic.

If you want to pass through traffic on the managment interface, you have to issue :

no managment-only

in the interface mode.

Hope this helps.

-Kanishka

0 Helpful
Customers Also Viewed These Support Documents