Access to the MGMT interface

Unanswered Question

Hello,


I have and ASA 5510 and would like to be able to access the MGMT network including the AIP-SSM module from the internal network. I am a Cisco newbie.


Mgmt port: 192.168.22.1

AIP SSM Mgmt port: 192.168.22.254


Internal network: 192.168.1.0/24


I can create the access-list okay but I am having trouble setting up the NAT. The error is “portmap translation creation failed for tcp src Internal 192.168.1.17/1098 dst management:192.168.22.254.”


Is what I would like to do even possible? And if so, what would the NAT be?


Thank you in advance.

Andrea


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Well to configure no nating between the interfaces it would be:


access-list nonat-inside permit ip 192.168.1.0 255.255.255.0 192.168.22.0 255.255.255.0

access-list nonat-mgmt permit ip 192.168.22.0 255.255.255.0 192.168.1.0 255.255.255.0


nat (mgmt) 0 access-list nonat-mgmt

nat (inside) 0 access-list nonat-inside


Actions

This Discussion