Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1333
Views
0
Helpful
3
Replies

ASA management interface -

plwalsh
Level 1
Level 1

‎06-05-2009 04:40 AM - edited ‎03-11-2019 08:40 AM

Can anyone help? I am unable to access the management interface of my ASA unless I am in the same subnet. There does not seem to be any way to give it a gateway address. So I have to manage the ASA inband via the inside interface.

The interface config is:

interface Management0/0

nameif mgmt

security-level 12

ip address 10.10.20.155 255.255.255.0

no pim

no igmp

management-only

Labels:
0 Helpful
3 Replies 3

robertson.michael
Level 3
Level 3

‎06-05-2009 12:29 PM

Hi Piaras,

Perhaps I am misunderstanding your question, but what you are experiencing is expected.

If you are attempting to manage the ASA from a host in your inside subnet, you must connect to the inside interface. The firewall does not support connecting across the firewall to a far-side interface.

Hope that helps.

-Mike

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to robertson.michael

‎06-05-2009 05:36 PM

Mike,

How are you?

This is a management-only interface. You cannot route traffic through this interface. Just FYI.

Like Mike says if you are off the inside interface, you can only telnet/asdm/ssh to the inside interface IP. You cannot stay in the inside and try to telnet to the mgmt or outside interface IP.

Now, where is this management interface plugged into? If it is a switch, does the switch have an IP address that belongs in this subnet? If it does, then, you need to add a route on the firewall.

Your host/client IP is x.x.x.x

route mgmt x.x.x.x 255.255.255.255 10.10.20.Y where 10.10.20.y is the IP address of the next hop in the mgmt interface.

If routing on the switch is configured correctly you should be able to reach the mgmt interface from your client.

0 Helpful

plwalsh
Level 1
Level 1
In response to Kureli Sankar

‎06-11-2009 06:58 AM

Hi,

I have previously tried adding a management interface route for my host to the ASA. Even though the management interface is not supposed to allow through traffic the ASA then tried to route all traffic for my host via the management interface.

I can't be the only person with an ASA that has a production traffic network as well as a management network. My host resides on the production network. The management interface of the ASA is assigned to the management network. When I try to telnet/ssh to the management interface of the ASA - nothing. It doesn't work. Thanks for any help.

Regards,

Piaras

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card