Up to this moment I have an ASA management-only interface connected to a Management_VLAN, which is routed by the LAN Core Switch's Management_VLAN interface.
This Core Switch routes Internet access through the ASA_Inside interface (default gateway).
Now I need to allow Internet access for the Management_VLAN (updates and NTP). I would like to route this traffic with the Core Switch default gateway (through ASA_Inside), but the ASA doesn't allow that because the Management_VLAN is directly connected to the ASA.
How can I solve this and allow Internet access in the management VLAN?
In some setups the management network's routing is completely separated from the native routing table of the L3 switches and routers (using VRFs). This would eliminate any overlap and other problems in routing. You could then use the ASA's Management interface as the default gateway for management network Internet traffic.
Naturally this is not really an easy option in an existing network.
So I wonder whether it would perhaps be possible to configure NAT between the Management VLAN and the Inside VLAN, so that connections from the management address space are NATed on the L3 switch to an IP address that the ASA has a route towards on the Inside. To my understanding this should eliminate any problems related to the ASA routing.
If I understood you correctly, your problem is that the ASA currently sees Internet-bound traffic coming from the management network on its Inside interface, and these connections fail because the ASA can see the management network from another directly connected interface?
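The NAT idea from the answer above, written out as an added IOS-style configuration for the core switch (this is an example added here, not configuration posted in the thread). All addresses, VLAN numbers, interface names and the ACL name are assumptions: Management_VLAN is taken to be Vlan10 / 10.10.10.0/24, the Inside VLAN Vlan20 / 192.168.1.0/24, and ASA_Inside 192.168.1.1. Every Internet-bound flow from the management subnet is translated (PAT) to the switch's Vlan20 address, so the ASA only ever sees an Inside-subnet source and its directly connected management route is never consulted for the return traffic.

```cisco
! Added example (not from the original thread): IOS NAT on the core switch
! so Management_VLAN hosts reach the Internet with an Inside-VLAN address.
! Addressing, VLAN numbers and names below are assumptions.
!
! Assumed addressing:
!   Management_VLAN = Vlan10, 10.10.10.0/24 (switch SVI 10.10.10.1)
!   Inside VLAN     = Vlan20, 192.168.1.0/24 (switch SVI 192.168.1.2,
!                     ASA_Inside = 192.168.1.1 = switch default gateway)
!
! Only Internet-bound traffic is translated: flows from the management
! subnet to the other RFC 1918 ranges are excluded from NAT.
ip access-list extended MGMT-TO-INTERNET
 deny   ip 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 10.10.10.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny   ip 10.10.10.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.10.10.0 0.0.0.255 any
!
interface Vlan10
 description Management_VLAN
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
interface Vlan20
 description Inside VLAN towards ASA_Inside
 ip address 192.168.1.2 255.255.255.0
 ip nat outside
!
! PAT (overload) every matching flow to the Vlan20 SVI address, which the
! ASA already treats as an ordinary host on its Inside network.
ip nat inside source list MGMT-TO-INTERNET interface Vlan20 overload
!
! Default route towards the ASA, as already used by the other VLANs.
ip route 0.0.0.0 0.0.0.0 192.168.1.1
```

To check it, start an NTP sync or an update download from a management host and look at `show ip nat translations` and `show ip nat statistics` on the switch; on the ASA, `show conn` should list the flow with source 192.168.1.2 rather than a 10.10.10.x address. Two caveats: IP NAT is not available on every Catalyst L3 platform or feature set, so confirm the `ip nat` commands are accepted on the switch in question before planning on this; and if there are networks behind the ASA (a DMZ, for instance) that management hosts also need to reach via Vlan20, the `deny` lines must be narrowed so those flows are translated as well, otherwise the ASA sees the untranslated management source on its Inside interface and the original problem returns for them. If the VRF route from the answer is chosen instead, note that an ASA interface configured with `management-only` accepts only to-the-box traffic, so using it as a default gateway for the management network also means removing that setting on the ASA side.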