ASA5520 - Mgmt0/0 and global IP

Unanswered Question
Feb 18th, 2009

The Cisco config guide for ASA ver 8 software states: "You can configure an IP address for the Management 0/0 management-only interface. This IP address can be on a separate subnet from the main management IP address."

If we set the global IP to fall in the same subnet as the inside and outside interfaces and then we set Mgmt0/0 to a different subnet we get strange results. The appliance passes traffic for 20-30 seconds then stops for 10-15, then passes again etc. The only strange entry in the log when traffic stops/starts is an entry that says 'device mac xxxxx has moved from inside to mgmt'. A little while later another such entry will appear, but reversed; 'device mac xxxxx has moved from mgmt to inside'. These 'mac moved' messages correlate to the device passing and not passing traffic.

We can get the 5520 to work in transparent mode as long as the mgmt0/0 interface is shut down and we set the global IP as above. So, it appears that we can't set both a global IP and an IP on the mgmt0/0 interface as various documents say we can --- true?

ref: using asa 8.0(4)

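The symptom described in the question, a MAC address repeatedly moving between the inside and management interfaces, can be picked out of exported logs automatically. The following Python is an added example, not part of the original post or any Cisco tool; the log line layout, timestamps and MAC addresses are constructed, modeled on the wording quoted in the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (assumed layout: "<date> <time> MAC <mac> moved from <if> to <if>").
SAMPLE_LOG = """\
2009-02-18 10:00:05 MAC 0011.2233.4455 moved from inside to mgmt
2009-02-18 10:00:27 MAC 0011.2233.4455 moved from mgmt to inside
2009-02-18 10:00:41 MAC 0011.2233.4455 moved from inside to mgmt
2009-02-18 10:01:08 MAC 0011.2233.4455 moved from mgmt to inside
2009-02-18 10:03:00 MAC 00aa.bbcc.ddee moved from outside to inside
"""

MOVE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) moved from "
    r"(?P<src>\S+) to (?P<dst>\S+)\s*$", re.IGNORECASE)

def parse_moves(text):
    """Yield (timestamp, mac, src_if, dst_if) for each 'moved' line."""
    for line in text.splitlines():
        m = MOVE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["mac"].lower(), m["src"], m["dst"]

def find_flaps(text, window=timedelta(seconds=120), min_reversals=2):
    """Return {mac: ([if_a, if_b], reversals)} for MACs bouncing between two interfaces."""
    last = {}                     # mac -> (ts, src, dst) of its previous move
    reversals = defaultdict(int)  # (mac, interface pair) -> reversal count
    for ts, mac, src, dst in parse_moves(text):
        prev = last.get(mac)
        # A reversal is a move that undoes the previous move within the window.
        if prev and (prev[1], prev[2]) == (dst, src) and ts - prev[0] <= window:
            reversals[(mac, frozenset((src, dst)))] += 1
        last[mac] = (ts, src, dst)
    return {mac: (sorted(pair), n)
            for (mac, pair), n in reversals.items() if n >= min_reversals}

if __name__ == "__main__":
    for mac, (pair, n) in find_flaps(SAMPLE_LOG).items():
        print(f"{mac} flapping between {pair[0]} and {pair[1]}: {n} reversals")
```

A single one-way move, such as the last sample line, is not reported; only a MAC that keeps returning to the interface it just left is flagged.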
Anonymous (not verified) Tue, 02/24/2009 - 06:55

To set the management IP address, enter the following command:

hostname(config)# ip address ip_address [mask] [standby ip_address]

This address must be on the same subnet as the upstream and downstream routers. You cannot set the subnet to a host subnet ( This address must be IPv4; the transparent firewall does not support IPv6.

