11-04-2013 04:52 AM - edited 03-11-2019 07:59 PM
Guys, we have a scenario in which we have a CE router connected to the WAN (MPLS cloud). On the LAN side it's connected to an ASA; the connectivity is router connected to the switch and ASA connected to the switch as ...... We have an IPsec VPN to the data centre. The issue is that we now want to manage the CE router and firewall from the data centre ..... What would be the best way? We don't have any spare Ethernet port in the router nor the firewall ...... I was wondering, if I make a logical sub-interface on the firewall and make the connection a trunk on the switch side, and I also make a sub-interface on the router and make the connection a trunk from the switch to the router, will it work...?
I can then use the sub-interface IP of both the FW and the router for management?.. Just want to know if this scenario will work......
thanks
11-14-2013 07:08 AM
The ASA has the management-access option, which is used to manage the device over VPN through the far-end interface where the tunnel ends on the ASA.
I am not sure how your network looks, so I am not sure if the IP addresses between the LAN of the router and what would be considered the WAN of the ASA are routable???
11-14-2013 11:26 AM
For the router you could configure a loopback interface with a unique IP and advertise that into the BGP process of the MPLS (it would be best to have a management VRF for this, but it is not a requirement), and then use that as the management IP. To make it even more secure you could add an ACL to the VTY line allowing only certain IPs the ability to access the device, and limit the management protocol to SSH, as telnet is not secure.
For the ASA, as jumora has mentioned, you can use the management-access
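The two replies above, shown as configuration. This is an added illustration, not config posted by either reply's author: the loopback address (10.255.0.1), the management subnet in the data centre (10.10.10.0/24), the AS number 65001, the ACL name MGMT-ACCESS and the interface name "inside" are all made-up values, and the simpler non-VRF variant is shown. The ASA part assumes the IPsec tunnel terminates on the ASA's outside interface and that the data centre management subnet is already part of the tunnel's interesting traffic.

```cisco
! ===== CE router (IOS): loopback as management IP, advertised into the MPLS BGP session =====
interface Loopback0
 description Management loopback (constructed address)
 ip address 10.255.0.1 255.255.255.255
!
! Only the data centre management subnet may open a VTY session; everything else is logged and dropped
ip access-list standard MGMT-ACCESS
 permit 10.10.10.0 0.0.0.255
 deny   any log
!
! SSHv2 only; no telnet. Before "ip ssh version 2" takes effect a host key must exist:
!   ip domain-name example.net           (constructed domain)
!   crypto key generate rsa modulus 2048  (exec mode, not part of the running config)
ip ssh version 2
!
line vty 0 4
 access-class MGMT-ACCESS in
 transport input ssh
 login local
 exec-timeout 10 0
!
! Advertise the /32 so the data centre can reach it across the MPLS cloud
router bgp 65001
 address-family ipv4
  network 10.255.0.1 mask 255.255.255.255
 exit-address-family
!
! ===== ASA: manage the firewall on its inside address through the VPN =====
! management-access lets traffic arriving through the tunnel on "outside" be
! terminated on the ASA's own "inside" interface address
management-access inside
! Restrict SSH to the data centre management subnet on that interface
ssh 10.10.10.0 255.255.255.0 inside
ssh version 2
ssh timeout 10
```

With this in place the data centre manages the router at 10.255.0.1 and the ASA at its inside interface address, both over SSH only and only from the permitted subnet; nothing needs a spare physical port on either device. Test the VTY ACL by attempting a session from an address outside 10.10.10.0/24 and confirming it is refused (and logged), before relying on it.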