ASA management interface

Unanswered Question
Jun 5th, 2009

Can anyone help? I am unable to access the management interface of my ASA unless I am in the same subnet. There does not seem to be any way to give it a gateway address. So I have to manage the ASA inband via the inside interface.

The interface config is:

interface Management0/0
 nameif mgmt
 security-level 12
 ip address 10.10.20.155 255.255.255.0
 no pim
 no igmp
 management-only

robertson.michael Fri, 06/05/2009 - 12:29

Hi Piaras,

Perhaps I am misunderstanding your question, but what you are experiencing is expected.

If you are attempting to manage the ASA from a host in your inside subnet, you must connect to the inside interface. The firewall does not support connecting across the firewall to a far-side interface.

Hope that helps.

-Mike

Kureli Sankar Fri, 06/05/2009 - 17:36

Mike,

How are you?

This is a management-only interface. You cannot route traffic through this interface. Just FYI.

Like Mike says, if you are off the inside interface, you can only telnet/asdm/ssh to the inside interface IP. You cannot stay in the inside and try to telnet to the mgmt or outside interface IP.

Now, where is this management interface plugged into? If it is a switch, does the switch have an IP address that belongs in this subnet? If it does, then you need to add a route on the firewall.

Your host/client IP is x.x.x.x

route mgmt x.x.x.x 255.255.255.255 10.10.20.Y

where 10.10.20.Y is the IP address of the next hop in the mgmt interface.

If routing on the switch is configured correctly, you should be able to reach the mgmt interface from your client.

plwalsh Thu, 06/11/2009 - 06:58

Hi,

I have previously tried adding a management interface route for my host to the ASA. Even though the management interface is not supposed to allow through traffic, the ASA then tried to route all traffic for my host via the management interface.

I can't be the only person with an ASA that has a production traffic network as well as a management network. My host resides on the production network. The management interface of the ASA is assigned to the management network. When I try to telnet/ssh to the management interface of the ASA - nothing. It doesn't work. Thanks for any help.

Regards,

Piaras
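Added example, not posted by anyone in this thread: a small longest-prefix-match model of the routing behaviour discussed above, showing why a /32 host route on mgmt takes over all traffic to that host while a route for a separate admin subnet does not. It assumes the ASA consults a single routing table for every interface; the inside subnet, the host address 192.168.50.10, the admin subnet 10.10.30.0/24 and the next hops are constructed values (10.10.20.1 stands in for 10.10.20.Y).

```python
import ipaddress

def route(ifname, network, mask, next_hop=None):
    """Mirror the 'route <if> <net> <mask> <gw>' form; next_hop=None means connected."""
    return (ipaddress.ip_network(f"{network}/{mask}"), ifname, next_hop)

def lookup(routes, dst):
    """Return (egress interface, next hop) of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, ifname, next_hop = max(matches, key=lambda r: r[0].prefixlen)
    return ifname, next_hop

HOST = "192.168.50.10"  # constructed: client on the production (inside) network

BASE = [
    route("inside", "192.168.50.0", "255.255.255.0"),        # constructed connected subnet
    route("mgmt", "10.10.20.0", "255.255.255.0"),            # from the posted interface config
    route("outside", "0.0.0.0", "0.0.0.0", "203.0.113.1"),   # constructed default route
]

# The host route suggested in the thread, with a constructed next hop.
HOST_ROUTE = route("mgmt", HOST, "255.255.255.255", "10.10.20.1")

# Constructed alternative: only a dedicated admin subnet is routed via mgmt.
ADMIN_NET_ROUTE = route("mgmt", "10.10.30.0", "255.255.255.0", "10.10.20.1")

def compare():
    """Egress decisions before and after each candidate route is added."""
    return {
        "host_before": lookup(BASE, HOST),
        "host_with_host_route": lookup(BASE + [HOST_ROUTE], HOST),
        "neighbour_with_host_route": lookup(BASE + [HOST_ROUTE], "192.168.50.11"),
        "admin_station": lookup(BASE + [ADMIN_NET_ROUTE], "10.10.30.5"),
        "host_with_admin_route": lookup(BASE + [ADMIN_NET_ROUTE], HOST),
    }

if __name__ == "__main__":
    for case, result in compare().items():
        print(f"{case:28} -> {result}")
```

The /32 is more specific than the connected /24, so every packet the firewall sends toward that host leaves via mgmt, whatever interface the host's own traffic arrived on.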
