Cisco Support Community

New Member

ASA management interfaces

Hi,

We have an ASA 5585-X SSP40 that has 2 management ports 0/0 and 0/1.

We have 2 Catalyst switches (switch1 and switch2) working as management switches and they carry the management VLAN.

I was wondering if we could connect management 0/0 to switch1 and management 0/1 to switch2 and configure both interfaces with an IP inside the management VLAN. So both interfaces will be in the same subnet.

 

My goal is that if switch 1 fails, I will still have reachability to the ASA through switch 2 and management port 0/1.

Thanks a lot.

Regards,

J

1 ACCEPTED SOLUTION

Hall of Fame Super Silver


Your addressed interfaces on a given ASA must all be in unique subnets. So you will not be able to configure both M0/0 and M0/1 in the same subnet.

That model of a firewall is almost always set up in an HA pair so the standby unit's M0/0 could be connected to switch 2.

You could also set up M0/1 in a unique subnet and create a new LAN for that on the switches.

One other option is to allow management access to the ASA via the inside interface (restricted to access from your designated admin networks if you like).
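
The two points in the accepted answer, as an added example that is not part of the original thread: a Python check over ASA-style configuration text that reports interfaces whose subnets overlap and `ssh`/`http` management rules that admit any source rather than designated admin networks. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample in ASA running-config style (addresses are made up).
SAMPLE_CONFIG = """\
interface Management0/0
 nameif mgmt0
 ip address 10.10.10.11 255.255.255.0
!
interface Management0/1
 nameif mgmt1
 ip address 10.10.10.12 255.255.255.0
!
interface GigabitEthernet0/0
 nameif inside
 ip address 192.168.50.1 255.255.255.0 standby 192.168.50.2
!
ssh 0.0.0.0 0.0.0.0 inside
ssh 192.168.50.0 255.255.255.0 inside
http 10.10.10.0 255.255.255.0 mgmt0
"""

IP_RE = re.compile(r"^\s+ip address (\S+) (\S+)")
MGMT_RE = re.compile(r"^(ssh|http) (\d\S*) (\d\S*) (\S+)\s*$")

def interface_networks(config):
    """Map each addressed interface to the subnet its address belongs to."""
    nets, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif current and (m := IP_RE.match(line)):
            nets[current] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets

def subnet_conflicts(config):
    """Interface pairs whose subnets overlap, i.e. are not unique per interface."""
    nets = interface_networks(config)
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def open_mgmt_rules(config):
    """ssh/http rules that admit any source address instead of admin networks."""
    matches = (MGMT_RE.match(line) for line in config.splitlines())
    return [m[0].strip() for m in matches
            if m and ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False).prefixlen == 0]

if __name__ == "__main__":
    print(subnet_conflicts(SAMPLE_CONFIG), open_mgmt_rules(SAMPLE_CONFIG))
```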

2 REPLIES
New Member


Thanks a lot Marvin. I will then use a different VLAN for each management interface.

I was thinking of channeling them, but as our four ASA FWs are in a cluster between DCs, if we lose the management interface of one we will lose the management of all the ASAs, so it is better to get a second VLAN and the port attached to the second switch.

 

Thanks for the help.

Regards,

J
