Solved: ASA 5510 with a SSM-10 - Page 2

Edward Luna · ‎02-05-2012

Hello folks

Brand new user. I just received my hardware and I'm attempting to set it up. No problems with setting up the 5510 so far. I used eth 0/0 for Outside and eth 0/3 for inside. Everything works as far a I can tell. Now I'm trying to set up the SSM-10 and I'm running into a problem with the ip address on the ASA management port and the SSM-10 management port.

I used the ASDM to run the setup wizzard for the SSM-10 and it appeared that the setup wizzard completed normally, I received the messages at the end of the setup wizzard and they all said OK, but now when I attempt to get to the SSM-10 from the ASDM I get a message saying the management port on the SSM-10 is unreachable. I assume this is because the PC I'm running ASDM on is connected to the 5510 Management port 0/0 with ip address 192,168,1.1 and the SSM-10 management port is connected to my network with ip address 10.1.1.4. Obviously I would need a route to get from 192.168.1.1 to 10.1.1.4 but I have no idea where I should create that route.

I read someplace that if you setup the management port for "Manage Only" that all traffic stops at the management port and is not passed anyplace else. I'm not certain I know exactly what that means but it's a good bet I've got something setup wrong.

Okay... I took the long way around but my question is... how can I get ASDM to talk to SSM-10 when they are on two different subnets and the system will not allow me to set them up on the same subnet?

Thanks for listening.

Edward Luna · ‎02-06-2012

Mike

Ok... I see it. It shows 0.0.0.0.0.0.0.0[1/0] via xx.xx.xx.xx (my external IP address)

It aslo showed the same thing in the ASDM under Monitor>routes>route.

The reason I can't use DHCP on the external is because in the production environment the ASA5510 connects to an upstream router that doesn't provide DHCP. I'm working in the test environment at the moment and it does provide DHCP.

I should be able to make it work now with all the information you have provided.

I'll let you know and thanks again.

Ed

Edward Luna · ‎02-07-2012

Hello Mike

I changed back to DHCP (but I can't run that way in production) and ran a Show Route command.

Here is what it listed: (note: Internet access works in this configuration)

Gateway of last resort is gateway to network 0.0.0.0

c xx.xx.xx.xx 255.255.255.248 is directly connected, Internet

c 192.168.1.1 255.255.255.0 is directly connected, management

s 0.0.0.0 255.255.255.255 [1/0] via gateway, Internet

d* 0.0.0.0.0.0.0.0 [1/0] via gateway, Internet

After I change the external interface to a static IP, the "show route" looks like the following:

Gateway of last resort is not set.

c xx.xx.xx.xx 255.255.255.248 is directly connected, Internet

c 192.168.1.1 255.255.255.0 is directly connected, management

s 0.0.0.0. 255.255.255.255 [1/0] via gateway, Internet

the d* is missing.

If I could find a single entry in the help text (or online) that describes how to set the "Gateway of Last Resort" I think my problem would be solved but for some inexplicable reason, Cisco decided to use the term "Gateway of Last Resort" in their Show Route command but neglected to use the same term in their help text, which makes it rather hard to find in the help text tomb.

How do I set the Gateway of Last resort and please be painfully specific... I'm a total noob when it comes to anything Cisco.

Thanks

Ed

Maykol Rojas · ‎02-07-2012

No worries,

The mask of the Address 0.0.0.0 should also be 0.0.0.0 so the star appears and the default gateway starts working.

Mike

Edward Luna · ‎02-07-2012

Mike

I got it working by entering the following on the command line... route internet 0 0 (external interface ip) 1

That command created the static route 0.0.0.0.0.0.0.0 [1/0] via Gateway, Internet

Internet access is now working fine when the external interface is configured with a static IP.

Thank's for all your help... I couldn't have done it without you.

Ed

Maykol Rojas · ‎02-07-2012

Glad I could help.

Cheers,

Mike