Cisco config guide for asa ver 8 software states; "You can configure an IP address for the Management 0/0 management-only interface. This IP address can be on a separate subnet from the main management IP address."
If we set the global IP to fall in the same subnet as the inside and outside interfaces and then we set Mgmt0/0 to a different subnet we get strange results. The appliance passes traffic for 20-30 seconds then stops for 10-15, then passes again etc. The only strange entry in the log when traffic stops/starts is an entry that says 'device mac xxxxx has moved from inside to mgmt'. A little while later another such entry will appear, but reversed; 'device mac xxxxx has moved from mgmt to inside'. These 'mac moved' messages correlate to the device passing and not passing traffic.
We can get the 5520 to work in transparent mode as long as the mgmt0/0 interface is shutdown and we set the global IP as above. So, it appears that we can't set both a global IP and an IP on the mgmt0/0 interface as various documents say we can --- true?
To set the management IP address, enter the following command:
hostname(config)# ip address ip_address [mask] [standby ip_address]
This address must be on the same subnet as the upstream and downstream routers. You cannot set the subnet to a host subnet (255.255.255.255). This address must be IPv4; the transparent firewall does not support IPv6.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :