06-05-2009 04:40 AM - edited 03-11-2019 08:40 AM
Can anyone help? I am unable to access the management interface of my ASA unless I am in the same subnet. There does not seem to be any way to give it a gateway address. So I have to manage the ASA inband via the inside interface.
The interface config is:
interface Management0/0
 nameif mgmt
 security-level 12
 ip address 10.10.20.155 255.255.255.0
 no pim
 no igmp
 management-only
06-05-2009 12:29 PM
Hi Piaras,
Perhaps I am misunderstanding your question, but what you are experiencing is expected.
If you are attempting to manage the ASA from a host in your inside subnet, you must connect to the inside interface. The firewall does not support connecting across the firewall to a far-side interface.
Hope that helps.
-Mike
06-05-2009 05:36 PM
Mike,
How are you?
This is a management-only interface. You cannot route traffic through this interface. Just FYI.
Like Mike says, if you are off the inside interface, you can only telnet/asdm/ssh to the inside interface IP. You cannot stay in the inside and try to telnet to the mgmt or outside interface IP.
Now, where is this management interface plugged in? If it is a switch, does the switch have an IP address that belongs in this subnet? If it does, then you need to add a route on the firewall.
Your host/client IP is x.x.x.x
route mgmt x.x.x.x 255.255.255.255 10.10.20.Y
where 10.10.20.Y is the IP address of the next hop in the mgmt interface.
If routing on the switch is configured correctly you should be able to reach the mgmt interface from your client.
06-11-2009 06:58 AM
Hi,
I have previously tried adding a management interface route for my host to the ASA. Even though the management interface is not supposed to allow through traffic, the ASA then tried to route all traffic for my host via the management interface.
I can't be the only person with an ASA that has a production traffic network as well as a management network. My host resides on the production network. The management interface of the ASA is assigned to the management network. When I try to telnet/ssh to the management interface of the ASA - nothing. It doesn't work. Thanks for any help.
Regards,
Piaras
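The routing conflict discussed in this thread, as an added example that is not part of any poster's message: a longest-prefix-match lookup over one shared routing table, which is an assumption about how the firewall picks its egress interface. Only 10.10.20.0/24 on mgmt comes from the posted config; the inside and production subnets, the host addresses and the default route are constructed.

```python
import ipaddress

# Constructed topology. Only the mgmt subnet is taken from the thread.
BASE_ROUTES = [
    ("10.10.20.0/24", "mgmt"),     # connected: Management0/0 (from the posted config)
    ("192.168.1.0/24", "inside"),  # connected: assumed inside subnet
    ("172.16.5.0/24", "inside"),   # static: assumed production network behind inside
    ("0.0.0.0/0", "outside"),      # static: assumed default route
]
ADMIN_HOST = "172.16.5.10"  # assumed admin host on the production network
NEIGHBOUR = "172.16.5.11"   # assumed second host on the same network
# Models "route mgmt x.x.x.x 255.255.255.255 10.10.20.Y" from the reply.
HOST_ROUTE = (ADMIN_HOST + "/32", "mgmt")


def build_table(with_host_route):
    """Return the routing table as (network, interface) pairs."""
    routes = list(BASE_ROUTES)
    if with_host_route:
        routes.append(HOST_ROUTE)
    return [(ipaddress.ip_network(net), ifc) for net, ifc in routes]


def egress(table, dst):
    """Pick the egress interface by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def analyse(with_host_route):
    """Show where packets addressed to the admin host leave the firewall."""
    table = build_table(with_host_route)
    host_ifc = egress(table, ADMIN_HOST)
    return {
        # One lookup decides both the reply to a session that arrived on
        # mgmt and ordinary production traffic sent to the same host.
        "host_egress": host_ifc,
        "neighbour_egress": egress(table, NEIGHBOUR),
        # True when replies leave on the interface the session came in on.
        "mgmt_session_symmetric": host_ifc == "mgmt",
    }


if __name__ == "__main__":
    for flag in (False, True):
        print("host route on mgmt:", flag, analyse(flag))
```

Without the host route, replies to the admin host leave via inside rather than mgmt; with it, everything addressed to that host leaves via mgmt, which matches what the original poster reports.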