
Access Cisco Management IP from Separate VLAN

nfarrar
Level 1

I'm confused as to why I can't access the management address for my ASA from a separate VLAN.

I have configured a specific management VLAN as 10.10.190.0/24.

I have a user VLAN: 10.10.190.0/24. The security levels are the same. When my laptop is connected to the management VLAN, I can access the ASA management IP fine via SSH & ASDM.

When I'm in my HOME VLAN, I can access all management devices in the management VLAN except for the ASA interface.

Is there a setting that disables accessing the ASA interface from another VLAN, even when the firewall policy allows it?

 

3 Replies

Marvin Rhoads
Hall of Fame

It usually comes down to the ASA's routing. It's a poor router and can easily get confused if you are trying to reach a connected network (i.e., the management interface) having come into the ASA via any other interface. By default it will try (and fail) to route that traffic "through" the appliance itself. If that's the case you can use a workaround of a static route for the management address (/32) via the inside network gateway. That way the more specific route will take precedence.

I don't think it's a routing issue - the management interface is completely disabled and I have a dedicated VLAN for all management devices.

The management server is enabled on that VLAN interface. If it was a routing issue, then I would imagine I would be unable to get to the other devices in the management VLAN from my workstation in the alternative VLAN.

I could be wrong though, I'll take another look at the routing configuration. Thanks!

Sorry - when you said "management address for my ASA" I assumed you meant the management interface.

You can always check how traffic flows (or fails to flow) through an ASA using the packet-tracer command.
