
ASA-5520 Multiple-context - Mgmt Interface problem...

javiercastro
Level 1

I have the following issue with the management interface of an ASA5520 running version 7.0(7).

I'm currently using two contexts in transparent mode.

The management interface is currently assigned to the admin-context and is physically connected to a cat4500 switch in a management Vlan.

The issue is that I have intermittent communication with this IP address from the 4500 and I just can't explain what's going on. The IP address configured in the management port is not repeated in the vlan and the interface vlan in the 4500 is always UP.

This is the configuration I am using in ASA:

*****system space*****

firewall transparent
!
interface GigabitEthernet0/0
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface Management0/0
 speed 100
 duplex full
!
admin-context admin
context admin
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1
 allocate-interface Management0/0
!
context VPN
 allocate-interface GigabitEthernet0/2
 allocate-interface GigabitEthernet0/3
!

****CONTEXT ADMIN******

interface Management0/0
 nameif gestion
 security-level 0
 management-only
!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
!
access-list 199 extended permit ip any any
!
mtu gestion 1500
mtu inside 1500
mtu outside 1500
ip address 10.8.129.254 255.255.255.0
arp timeout 14400
access-group 199 in interface gestion
access-group 100 in interface inside
access-group 101 in interface outside
route gestion 0.0.0.0 0.0.0.0 10.8.129.1 1
!
aaa authentication ssh console LOCAL
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 gestion
ssh timeout 5
ssh version 1
dhcpd lease 3600
dhcpd ping_timeout 50
!

As I explained, it is possible to log into the ASA using SSH, but the connection is dropped at some point. I also need to upgrade the software version, but the tftp session is dropped due to lack of connectivity.

Does anybody have a clue regarding the possible solution?

Many thanks


smahbub
Level 6

The adaptive security appliance has a dedicated interface for device management that is referred to as the Management0/0 port. The Management0/0 port is a Fast Ethernet interface. This port is similar to the Console port, but the Management0/0 port only accepts incoming traffic to the adaptive security appliance. You can configure any interface to be a management-only interface using the management-only command. You can also disable management-only mode on the management interface. For more information about this command, see the management-only command in the Cisco Security Appliance Command Reference present in the link below:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/intparam.html#wp1051819

Refer to the link below for the troubleshooting guide:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/trouble.html#wp1042019
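An added example, not part of the thread and not Cisco code: a small Python check that reads an ASA context configuration, finds the interfaces carrying the management-only command described in the reply, and reports how SSH management access is scoped on them. It reviews management-plane exposure only and does not diagnose the dropped sessions; the function names and the /16 width threshold are assumptions, and the sample is constructed from the admin context posted above.

```python
import ipaddress
import re

# Constructed sample: management-related lines from the admin context posted above.
SAMPLE = """\
interface Management0/0
 nameif gestion
 management-only
!
access-list 199 extended permit ip any any
access-group 199 in interface gestion
ssh 10.0.0.0 255.0.0.0 gestion
ssh version 1
"""

def management_only_names(config):
    """Return the nameif of every interface carrying the management-only command."""
    names, nameif, mgmt = set(), None, False
    for line in [l.strip() for l in config.splitlines()] + ["!"]:
        if line.startswith("interface ") or line == "!":
            if nameif and mgmt:
                names.add(nameif)
            nameif, mgmt = None, False  # an interface block ends at "!" or the next block
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif line == "management-only":
            mgmt = True
    return names

def audit(config, min_prefix=16):
    """Return findings on management access; min_prefix is an assumed policy threshold."""
    mgmt = management_only_names(config)
    lines = [l.strip() for l in config.splitlines()]
    open_acls = {l.split()[1] for l in lines
                 if re.fullmatch(r"access-list \S+ extended permit ip any any", l)}
    findings = []
    for l in lines:
        if m := re.fullmatch(r"ssh (\d[\d.]+) (\d[\d.]+) (\S+)", l):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}")  # netmask form is accepted
            if m[3] not in mgmt:
                findings.append(f"ssh permitted on {m[3]}, which is not management-only")
            if net.prefixlen < min_prefix:
                findings.append(f"ssh source range {net} on {m[3]} is wider than /{min_prefix}")
        elif l == "ssh version 1":
            findings.append("ssh version 1 restricts SSH to protocol version 1")
        elif m := re.fullmatch(r"access-group (\S+) in interface (\S+)", l):
            if m[1] in open_acls:
                findings.append(f"access-list {m[1]} on {m[2]} permits ip any any")
    return findings
```

Calling `audit(SAMPLE)` returns one finding each for the any-any access list, the /8 SSH source range and the SSH version setting.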
