cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
15142
Views
5
Helpful
16
Replies

ASA Management interface

thomasandy32
Level 1
Level 1

Hello,

I have conencted my management interface on core with a different vlan from which inside interface is connected,My inside interface is in vlan 100 and management interface is in vlan 150,i m not able to ping my SVI interface of management on core from ASA (directly connected). The line protocol is down on ASA but the cable are connected and light are also glowing on core and also in ASA.

1 Accepted Solution

Accepted Solutions

Are you running the firewall in multicontext mode?

If you are, have you done no shut for the m0/0 in the system context?

Otherwise, it may be best to contact the TAC to get further asisstance with troubleshooting the interface issue.

Regards,

View solution in original post

16 Replies 16

Hi,

The management interface can be used just as any other Ethernet interface on the ASA.

The ''sh interface'' on the ASA shows the line protocol down? So, it shows up/down?

Can you check the cable and the status of the interface of the other device (which it connects directly to)?

Federico.

Hello Dear,

The light glows on the interface of core and firewall, but the config down and protocol is down.

Can you post a ''sh interface '' for both the ASA management and the Core SVI that are directly connected?

Federico.

Hello,

Here is the below show output from ASA and core switch:

ASA-PRI# sh int ip brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         X>X>X>X      YES CONFIG up                    up
GigabitEthernet0/1        X>X>X>X     YES CONFIG up                    up
GigabitEthernet0/2         X>X>X>X    YES CONFIG up                    up
GigabitEthernet0/3         X>X>>X>X     YES unset  down                  down
Internal-Control0/0        127.0.1.1       YES unset  up                    up
Internal-Data0/0           unassigned      YES unset  up                    up
Management0/0              10.10.6.3      YES CONFIG down                  down
Virtual145                 unassigned      YES unset  up                    up


CORE(config-if)#do sh ip int brief

Interface              IP-Address      OK? Method Status                Protocol

Vlan6                  10.10.6.6     YES NVRAM  up                    up

GigabitEthernet2/1    unassigned      YES unset  up                    up

Can you please include what is configured on the asa interface Management 0/0, and also the configuration on the port, to which the ASA interface is connected to.

I belive you are saying the switch port is GigE 2/1 that is connected to management0/0

Regards,

Hello Edadios,

I belive you are saying the switch port is GigE 2/1 that is connected to  management0/0

YES

I have configured on Core:

Core conf t# int gig0/6

Core conf if# sw mo acc

  Core conf ift#sw acc vlan 6

int vlan 6

ip add 10.10.6.1 255.255.255.192

On ASA management interface:      

interface Management0/0
nameif management
security-level 100
ip address 10.10.6.3 255.255.255.192 standby 10.10.6.4
management-only

interface GigabitEthernet0/1
  nameif inside
security-level 100
  ip address 192.168.2.1 255.255.255.240 standby 192.168.2.2

OOhhhhhh ! I think the same security level is not allowing the interface to come up and to speak to inside interface,My inside interface is connected to Core sw and also my management interface is connected to core sw but both in different vlan.

What i shld do on management interface to come up ????????

Thanks

Is it gig2/1 or gig0/6 that the management port of ASA is connected to on the switch?

Can you please physically check the port that management 0/0 is connected to on the switch, and then once you have confirmed that, please provide the configuration that is showing for that interface on the switch.

Regards,

Hello dear,

Its is gig 2/1 not the gig0/6, it is a typing mistake by me,the output i have provided to u in my previous mail it is correct.all connection are correct and perfect i m missing something in ASA,

I repeat once more the SVI on core interface up line protocol up and on the layer 2 port on core interface up and line protocol up  (which is in vlan 6) but on firewall config down and protocol down.

Thanks

Hello Dears,

Can anybody help me for the above problem please.

Please unplug the cable you have connected on the ASA management 0/0.

Then please provide the output of the switch port 2/1 status.

From the switch

sh int vlan6

what does the above output show? You can try the following on the switch.

conf t

int vlan6

no shut

exit

ping 10.10.6.1 from the switch. Is vlan 6 created in the switch's database? "sh vlan id 6" on the switch show expected output?

On the firewall side what does "sh int m0/0" show?

You can try

conf t

int m0/0

no shut

Then try to ping10.10.6.3 from the firewall and see it it responds.

-KS

Hello Dear,

i have tried all these before and also with speed settings and duplex settings but no outcome,can u suggest me on something to do on firewall am i missing anything,

On core,

interface up protocol up

On ASA

config down protocol down.

this is the status

i have changed the cables but no result,the light glows but no connectivity

Something could be wrong with the management interface of the ASA (it has a working cable and it is enabled connected to a working device, and still shows down/down)

If you check the ARP table on the CORE do you see the MAC address of the management interface of the ASA?

This CORE switch and the ASA are directly connected correct? With what type of cable?

Federico.

Are you running the firewall in multicontext mode?

If you are, have you done no shut for the m0/0 in the system context?

Otherwise, it may be best to contact the TAC to get further asisstance with troubleshooting the interface issue.

Regards,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: