ASA Management Port problem

Unanswered Question
Mar 19th, 2009

I have a new 5520 ASA that I am putting on to the network tonight. I set up the management port with an address on our management subnet and have it plugged into our core switch, but for some reason I can't reach it via SSH, telnet or the ASDM. I have set up rules in the ASA to allow access to the device from my subnet via SSH, telnet and HTTP. I have a switch on the network that is also set up to use this subnet for management, and I can reach the switch from my desk. Both the switch that I can reach and the ASA that I can't reach are plugged into the same core switch.

Does anyone have any ideas as to why I can't access the management port?

P.S. I did take off the DHCP configuration on the ASA that gives IP addresses to devices plugged into the management port.

robertson.michael Thu, 03/19/2009 - 12:54

Hi Malinda,

Can you post a sanitized version of your configuration? If so, please include the IP address of the client that you are trying to access the ASA from.

-Mike

maldavis3697 Thu, 03/19/2009 - 13:07

Actually I think I figured out the problem...

Our inside network is the 10. network, and there is a route in the ASA to send all the traffic for the 10. network out the inside interface. We don't have the inside interface connected yet, so that is probably why we can't get a response... all the return traffic is getting sent to the inside interface instead of the management interface.

One other thing I wonder about though...

All the traffic that is sent out through the firewall is NATed to a different address as it goes out.

Our internal network is mainly 10.50.0.0/16 and 10.80.0.0/16 networks.

The route on the ASA says to send all traffic for 10.0.0.0 through the inside interface.

Our IT department is all on the 10.80.10.0/28 network.

If I put a route on the ASA specifying that traffic for the 10.80.10.0/28 network should be sent back out the management port, would that also send general traffic that had been NATed out to the internet and was coming back in through the management port? Or would it go out the inside interface because it originated from that interface?

Thanks!
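The question above turns on how a static routing table picks an egress interface: a plain destination-based lookup chooses the most specific matching prefix and never consults which interface the packet arrived on. The following is an added example, not code from the thread or from Cisco, that models that longest-prefix-match decision over routes shaped like the ones described in the post (the interface names and the default route are assumptions; it models only the forwarding-table lookup, not a firewall's connection state or NAT).

```python
import ipaddress

# Constructed routing table modelled on the post: a catch-all default,
# the /8 route toward the inside interface, and a candidate /28 route
# for the IT subnet via the management interface.
ROUTES = [
    ("0.0.0.0/0", "outside"),
    ("10.0.0.0/8", "inside"),
    ("10.80.10.0/28", "management"),
]

# The same table without the /28, i.e. the state described in the post
# before any management route is added.
ROUTES_WITHOUT_MGMT = [r for r in ROUTES if r[1] != "management"]


def lookup(dst, routes=ROUTES):
    """Return the egress interface for destination `dst`.

    Longest-prefix match: among all routes whose prefix contains the
    destination, the one with the longest prefix length wins. Note that
    the function takes no ingress interface argument: a static route
    lookup is decided by destination alone.
    """
    addr = ipaddress.ip_address(dst)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix, strict=False)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def explain(dst, routes=ROUTES):
    """List every matching route, most specific first, for troubleshooting."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(p, strict=False), i)
        for p, i in routes
        if addr in ipaddress.ip_network(p, strict=False)
    ]
    matches.sort(key=lambda m: m[0].prefixlen, reverse=True)
    return [(str(net), iface) for net, iface in matches]


if __name__ == "__main__":
    for dst in ("10.80.10.5", "10.50.1.1", "198.51.100.7"):
        print(f"{dst:>14} -> {lookup(dst)}  candidates: {explain(dst)}")
    # Without the /28, a reply to the IT subnet falls back to the /8 route.
    print("10.80.10.5 without mgmt route ->", lookup("10.80.10.5", ROUTES_WITHOUT_MGMT))
```

Running it shows the symptom from the post: with only the /8 route present, a reply to 10.80.10.5 is sent out `inside`, and adding the /28 via `management` redirects every packet destined for that subnet there, regardless of the interface the original packet entered on. Whether an established, NAT-translated flow is exempt from that redirection is a property of the firewall's connection handling, which this lookup deliberately does not model.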
