ASA Management Port problem

Mar 19th, 2009

I have a new 5520 ASA that I am putting on to the network tonight. I set up the management port with the address of our management subnet and have it plugged into our core switch but for some reason I can't reach it via SSH, telnet or the ASDM. I have set up rules in the ASA to allow access to the device from my subnet to the ASA via SSH, telnet and http. I have a switch on the network that is also set up to use this network for management and I can reach the switch from my desk. Both the switch that I can reach and the ASA that I can't reach are plugged in to the same core switch.

Does anyone have any ideas as to why I can't access the management port?

P.S. I did take off the DHCP configuration on the ASA that gives IP addresses to devices plugged in to the management port.

robertson.michael Thu, 03/19/2009 - 12:54

Hi Malinda,

Can you post a sanitized version of your configuration? If so, please include the IP address of the client that you are trying to access the ASA from.


maldavis3697 Thu, 03/19/2009 - 13:07

Actually I think I figured out the problem...

Our inside network is the 10. network and there is a route in the ASA to send all the traffic for the 10. network out the inside interface. We don't have the inside interface connected yet so that is probably why we can't get a response...all the return traffic is getting sent to the inside interface instead of the management.

One other thing I wonder about though...

All the traffic that is sent out through the firewall is NATed to a different address as it goes out.

Our internal network is mainly and networks.

The route on the ASA says to send all traffic for through the inside interface.

Our IT department is all on the network.

If I put a route on the ASA that specified that the traffic received from network would be sent back out the management port, would that send general traffic that had been NATed out to the internet and was coming back in through the management port as well? Or would it go out the inside interface because it originated from that interface?
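
Added example, not part of the original thread or any poster's configuration: a simplified model of the routing explanation in the last post, assuming plain destination-based, longest-prefix route selection. All addresses, the IT subnet and the function names are constructed for illustration; the check flags management clients whose replies would leave by an interface other than management.

```python
import ipaddress

# Constructed sample routes (prefix, egress interface); not from the thread.
ROUTES_BEFORE = [
    ("0.0.0.0/0", "outside"),
    ("10.0.0.0/8", "inside"),        # the broad "10. network" route
    ("10.99.0.0/24", "management"),  # connected management subnet
]
# Same table plus a more specific route for the (hypothetical) IT subnet.
ROUTES_AFTER = ROUTES_BEFORE + [("10.20.30.0/24", "management")]


def egress_interface(routes, dst):
    """Return the interface of the longest prefix that contains dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def asymmetric_admin_hosts(routes, admin_hosts, mgmt_iface="management"):
    """List admin hosts whose replies would leave by another interface."""
    return [(h, egress_interface(routes, h)) for h in admin_hosts
            if egress_interface(routes, h) != mgmt_iface]


if __name__ == "__main__":
    # One admin host on the IT subnet, one on the management subnet itself.
    admins = ["10.20.30.40", "10.99.0.15"]
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(name, "asymmetric admin hosts:", asymmetric_admin_hosts(table, admins))
        print(name, "10.50.1.1 ->", egress_interface(table, "10.50.1.1"))
```

In this model only destinations inside the more specific prefix move to the management interface; every other 10.x destination still matches the broad route.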


