mgmnt port as HA port

Answered Question
May 9th, 2007

Hello,

Is it possible to use the management port of an ASA 5520 as the link to the other 5520 for redundancy (HA)?


Thanks

You can configure any interface to be a management-only interface using the management-only command. You can also disable management-only mode on the management interface.


The ASA 5510 and higher adaptive security appliance includes a dedicated management interface called Management 0/0, which is meant to support traffic to the security appliance. However, you can configure any interface to be a management-only interface using the management-only command. Also, for Management 0/0, you can disable management-only mode so the interface can pass through traffic just like any other interface.


Transparent firewall mode allows only two interfaces to pass through traffic; however, on the ASA 5510 and higher adaptive security appliance, you can use the Management 0/0 interface (either the physical interface or a subinterface) as a third interface for management traffic. The mode is not configurable in this case and must always be management-only. You can also set the IP address of this interface in transparent mode if you want this interface to be on a different subnet from the management IP address, which is assigned to the security appliance or context, and not to individual interfaces.


Examples

The following example disables management-only mode on the management interface:

hostname(config)# interface management0/0
hostname(config-if)# no management-only

The following example enables management-only mode on a subinterface:

hostname(config)# interface gigabitethernet0/2.1
hostname(config-subif)# management-only


ref: http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f573.html#wp1780826


Please rate if you are satisfied.

Overall Rating: 3.5 (2 ratings)
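
Added example, not part of the original thread or of Cisco's documentation: a small Python check that reads a saved running configuration and reports, per interface, whether management-only is set and whether the interface is named as a failover link. It assumes the usual `show running-config` stanza layout and the `failover lan interface` / `failover link` commands; the sample configuration, including the `folink` name, is constructed for illustration.

```python
import re

# Constructed sample in the layout of "show running-config" (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
!
interface GigabitEthernet0/2.1
 vlan 10
 nameif admin
 management-only
!
interface Management0/0
 description LAN Failover Interface
 no management-only
!
failover lan interface folink Management0/0
"""

def management_only_map(config: str) -> dict:
    """Map each interface to True only if its stanza contains 'management-only'."""
    state, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = m.group(1)
            state[current] = False  # absent or 'no management-only' stays False
        elif raw.startswith(" ") and current:
            if raw.strip().lower() == "management-only":
                state[current] = True
        else:
            current = None  # "!" or a global command ends the stanza
    return state

def failover_interfaces(config: str) -> set:
    """Physical interfaces named by 'failover lan interface' or 'failover link'."""
    pat = r"^failover (?:lan interface|link)\s+\S+\s+(\S+)"
    return set(re.findall(pat, config, flags=re.M))

def audit(config: str) -> list:
    """Rows of (interface, management_only, used_for_failover), sorted by name."""
    fo = failover_interfaces(config)
    return [(n, mo, n in fo) for n, mo in sorted(management_only_map(config).items())]

if __name__ == "__main__":
    for name, mgmt_only, failover in audit(SAMPLE_CONFIG):
        print(f"{name:22} management-only={mgmt_only!s:5} failover={failover}")
```

Run it against a saved copy of the configuration to confirm which ports still carry only management traffic after a change like the ones shown above.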