Asa to router connectivity

The_guroo_2 · ‎11-04-2013

Guys we have a scenario in which we have. Ce router connected to the wan (MPLA cloud) on the LAN side it's connected to Asa the connectivity is router connected to the switch and Asa is connected to the switch as ......we have IPSec VPN to the data centre the issue is that we now want to manage the ce router and firewall from the data centre .....what would be the best way we don't have any spare Ethernet port in router nor firewall ......I was wondering if I make a logical au interface on the firewall and make the connection trunk on switch side and I also make us interface on router and make the connection trunk from the switch to the router will it work...?.

I can then use the sun interface Ip of both fw and router for management ?.. Just want to know well this scenario work......

thanks

jumora · ‎11-14-2013

ASA has the option of management-access that is used to manage the device over VPN through the far end interface where the tunnel ends on the ASA.

I am not sure of how your network looks like so I am not sure if the IP addresses between the LAN of the router and what would be considered the WAN of the ASA are routable???

Value our effort and rate the assistance!

Marius Gunnerud · ‎11-14-2013

For the router you could configure a loopback interface with a unique IP and advertise that into the BGP process of the MPLS (would be best to have a MGMT VRF for this but not a requirement) and then use that as the management IP. To make it even more secure you could add and ACL to the VTY line only allowing certain IPs the ability to access the device, and limit the management protocol to SSH as telnet is not secure.

For the ASA, as jumora has mentioned, you can use the management-access command where interface is will be the interface you will initiate a management session to.

--
Please remember to select a correct answer and rate helpful posts