I am not aware of any other special "route" configurations on the ASA for the default route other than the "tunneled" route meant for VPN traffic. Then again, I am not sure if there have been some changes, for example related to the ASA5500-X Series, since its management interface was forced to "management-only", unlike the original ASA5500 Series, which let you remove it.
So I am wondering why you have a default route towards the management interface? Maybe this is part of the problem. One reason might also be a NAT configuration that doesn't specify the actual interface where the internal hosts are located, but in that case there should not be a problem unless there was a problem with the routing.
Maybe you could provide us with the "packet-tracer" output of the above connection, if it's targeted to a public IP address in a Static NAT / Static PAT configuration?
Maybe I am not understanding the intended use of the management interface. I have read the various forums concerning it but don't seem to grasp it.
The default route for the management interface is intended to allow reachability of systems not within the same VLAN or network as the management interface. So basically relying on the upstream router. Does the management need to be truly OOB? And should systems needing access to it be on the same VLAN/network? I just don't see any concise documentation on what it can or cannot do.
The default route is probably messing with it as you suggested. A "show route inside" and "show route management" have the same default route address. I was expecting to see two different default route addresses based on the source interface specified.
I don't really use the Management interface much on the ASA units. In the past with the original ASA5500 Series I tended to use it as the Failover link which in the new series I guess is not possible anymore.
I would like to see the "packet-tracer" output to determine what is actually happening. If that doesn't help, I would really need to see some configurations to determine the cause of the problem. To my understanding you have a connection that should be forwarded to "inside" but is getting passed to "mgmt" at the moment. So there either has to be some NAT or routing that is causing the problem.
I agree that the routing in place is causing some of the issues. Trying to get the mgmt interface to work is too much of a headache, especially without a true OOB set-up. I can't play around with the connected routers because of the impact... I have decided not to use the management interface. Thanks for your input though.
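For readers following this thread, the checks the replies ask for, written out as an added example that is not taken from any of the posts above. The interface names, addresses and ports are assumptions chosen for illustration; only the command forms are the ASA's own.

```text
! Added example, not from the thread. Interface names and addresses are assumptions.
! On the ASA5500-X the Management0/0 interface is management-only: it accepts
! traffic to the box itself but never forwards through-traffic.
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.0.2.10 255.255.255.0
!
! Routing check. The ASA keeps a single routing table; "show route <nameif>"
! only filters that table by egress interface, which is why "show route inside"
! and "show route management" can both display the same default route.
show route
show route inside
show route management
!
! Trace a constructed inbound connection to a statically translated host.
! The ROUTE-LOOKUP and NAT phases of the output show which interface the ASA
! selects and whether the static translation matched.
! Assumed: outside host 198.51.100.7 reaching the public address 203.0.113.25
! on TCP 443, which is statically NATed to a server behind "inside".
packet-tracer input outside tcp 198.51.100.7 40000 203.0.113.25 443 detailed
!
! Trace the return direction from the assumed inside server as well.
packet-tracer input inside tcp 10.1.1.25 50000 198.51.100.7 443 detailed
!
! List the translations so the rule that matched (or failed to) can be read
! next to the trace output.
show nat detail
```

If the ROUTE-LOOKUP phase in the trace reports "management" as the output interface for a flow that should reach an inside host, the default route pointing out the management interface is what the replies above suspect; the trace makes that visible without changing anything on the connected routers.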
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router: