Cisco Support Community
Community Member

Cisco Ironport management interface IP configuration?

Hi,

For configuring the management interface IP for a Cisco Ironport device, should it be on the public IP address or private IP address? Could you please confirm the IP address design for the Ironport management interface? Thanks

arman

4 REPLIES
Cisco Employee

Re: Cisco Ironport management interface IP configuration?

Greetings Aman,

The answer to this question depends on several factors: what you intend to do with the appliance, how you intend on allowing access to the appliance and where it sits in your network. Typically customers will utilize the management interface on their internal network, thus giving it a private IP. This way the web interface, ssh and ftp access are allowed internally but not to the public. Those services can be enabled on other interfaces as well, but the most common practice is to set up the management interface for internal access only on your private network.

Christopher C Smith
CSE

Cisco IronPort Customer Support 

Community Member

Re: Cisco Ironport management interface IP configuration?

Sorry for the resurrection of an 8-year-old thread, but I would like to use the management port on my internal network to handle ssh and ftp as mentioned in this thread. However, there doesn't appear to be a separate default gateway for the management port. Am I missing something? Does it share the same routing table and default gateway as the "data" ports? How does the management port know how to get to internal services? And if static routes are configured to point internal services through the mgmt port, isn't there a possibility that unwanted traffic could be routed from the other data interfaces to the management port?

Community Member

Re: Cisco Ironport management interface IP configuration?

We tried the same about 1 year ago and finally gave up as there seems to be only one default gateway supported.

Might be worthwhile to open a feature request for this. You got my vote.

Cisco Employee

Re: Cisco Ironport management interface IP configuration?

Hey Calicolin,

You are correct - the routing tables are shared across all interfaces.

There is only one configurable default gateway as you had noticed.

The other interfaces configured to be used would need to have a static route with the 'gateway' for them configured within the same routing table you see in the GUI > Network > Routing.

If other traffic is indeed routed into the Management interface, then they will leave the default gateway as your comment suspects as well (or any static routes configured for the traffic) - you would only be able to restrict the traffic from the Interface settings by the associated protocols and ports.

Generally from my experience, under more strict network environments - the management interface is configured to only allow HTTPS and SSH (443 and 22) so outside of this, it won't accept any other protocols even if the traffic is routed to that port.

Regards,

Matthew
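
The routing behaviour described in this thread, modelled as an added example (not from the original posts and not Cisco code): one routing table shared by all interfaces with a single default gateway, where only a static route sends traffic for a remote internal subnet out of the management interface. All addresses, interface names and the static route are constructed sample values, and the lookup is generic longest-prefix matching rather than the appliance's own implementation.

```python
import ipaddress

# Constructed sample: one routing table shared by every interface,
# with a single default gateway reachable through the data interface.
INTERFACES = {
    "Management": ipaddress.ip_interface("10.10.0.5/24"),
    "Data1": ipaddress.ip_interface("192.0.2.10/24"),
}
DEFAULT_GATEWAY = ipaddress.ip_address("192.0.2.1")
STATIC_ROUTES = [  # (destination network, gateway)
    (ipaddress.ip_network("10.20.0.0/16"), ipaddress.ip_address("10.10.0.1")),
]
MGMT_ALLOWED_PORTS = {22, 443}  # SSH and HTTPS only, as in the last reply


def egress_interface(gateway):
    """Return the interface whose connected subnet contains the gateway."""
    for name, iface in INTERFACES.items():
        if gateway in iface.network:
            return name
    raise ValueError(f"gateway {gateway} is not on a connected subnet")


def lookup(dst):
    """Longest-prefix match over connected, static and default routes."""
    dst = ipaddress.ip_address(dst)
    candidates = [(iface.network, None, name) for name, iface in INTERFACES.items()]
    candidates += [(net, gw, egress_interface(gw)) for net, gw in STATIC_ROUTES]
    candidates.append((ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GATEWAY,
                       egress_interface(DEFAULT_GATEWAY)))
    matches = [c for c in candidates if dst in c[0]]
    net, gw, name = max(matches, key=lambda c: c[0].prefixlen)
    return name, gw


def mgmt_accepts(port):
    """Service restriction on the management interface, independent of routing."""
    return port in MGMT_ALLOWED_PORTS


if __name__ == "__main__":
    # 10.30.0.9 is internal but has no static route, so it falls to the default gateway.
    for dst in ("10.10.0.50", "10.20.3.4", "10.30.0.9", "198.51.100.7"):
        print(dst, "->", lookup(dst))
```

An internal admin subnet that lacks a static route (10.30.0.9 in the sample) is answered through the data interface's default gateway, which is the asymmetry the question asks about.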
