mgmnt port as HA port

Answered Question
May 9th, 2007

hello,

is it possible to use the management port of asa 5520 as link to the other 5520 for redundancy (HA)?


thanks

You can configure any interface to be a management-only interface using the management-only command. You can also disable management-only mode on the management interface.


The ASA 5510 and higher adaptive security appliance includes a dedicated management interface called Management 0/0, which is meant to support traffic to the security appliance. However, you can configure any interface to be a management-only interface using the management-only command. Also, for Management 0/0, you can disable management-only mode so the interface can pass through traffic just like any other interface.


Transparent firewall mode allows only two interfaces to pass through traffic; however, on the ASA 5510 and higher adaptive security appliance, you can use the Management 0/0 interface (either the physical interface or a subinterface) as a third interface for management traffic. The mode is not configurable in this case and must always be management-only. You can also set the IP address of this interface in transparent mode if you want this interface to be on a different subnet from the management IP address, which is assigned to the security appliance or context, and not to individual interfaces.


Examples

The following example disables management-only mode on the management interface:


hostname(config)# interface management0/0

hostname(config-if)# no management-only

The following example enables management-only mode on a subinterface:


hostname(config)# interface gigabitethernet0/2.1

hostname(config-subif)# management-only



ref: http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f573.html#wp1780826


Please rate if you are satisfied.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Correct Answer

You can configure any interface to be a management-only interface using the management-only command. You can also disable management-only mode on the management interface.


The ASA 5510 and higher adaptive security appliance includes a dedicated management interface called Management 0/0, which is meant to support traffic to the security appliance. However, you can configure any interface to be a management-only interface using the management-only command. Also, for Management 0/0, you can disable management-only mode so the interface can pass through traffic just like any other interface.


Transparent firewall mode allows only two interfaces to pass through traffic; however, on the ASA 5510 and higher adaptive security appliance, you can use the Management 0/0 interface (either the physical interface or a subinterface) as a third interface for management traffic. The mode is not configurable in this case and must always be management-only. You can also set the IP address of this interface in transparent mode if you want this interface to be on a different subnet from the management IP address, which is assigned to the security appliance or context, and not to individual interfaces.


Examples

The following example disables management-only mode on the management interface:


hostname(config)# interface management0/0

hostname(config-if)# no management-only

The following example enables management-only mode on a subinterface:


hostname(config)# interface gigabitethernet0/2.1

hostname(config-subif)# management-only



ref: http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f573.html#wp1780826


Please rate if you are satisfied.

Actions

This Discussion