As far as I'm aware, you can use the management interface as a data interface by just changing the ''management-only'' under the interface.
The restriction based on license is if you have a base license all five interfaces are 10/100, but if you have the security plus license, 2 of those interfaces can run at 10/100/1000
Let me know if this one helps:
That link says you can turn the management interface into a data interface with the command ''no management-only'' and there's no license required to do that.
I happen to have an ASA-5510 with Base License sitting here with me:
GTI-Secure# sh ver
Cisco Adaptive Security Appliance Software Version 8.0(4)
Detected an old ASDM version.
You will need to upgrade it before using ASDM.
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"
GTI-Secure up 117 days 9 hours
Hardware: ASA5510-K8, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0 : address is 000a.b89c.c802, irq 9
1: Ext: Ethernet0/1 : address is 000a.b89c.c803, irq 9
2: Ext: Ethernet0/2 : address is 000a.b89c.c804, irq 9
3: Ext: Ethernet0/3 : address is 000a.b89c.c805, irq 9
4: Ext: Management0/0 : address is 000a.b89c.c806, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 2
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has a Base license.
no ip address
GTI-Secure(config)# int mana
GTI-Secure(config)# int management 0/0
GTI-Secure(config-if)# no management-only
no ip address
So, the management interface can be used as a data interface.
Please go through this link
I agree that the "no management-only " command is accepted by ASA 5510 with base license , as i do have a customer firewall which accepts that However can you please check if the through traffic traverses across that or not .Thanks !
Yes, the management interface can be used to pass normal data traffic when you disable "management-only" from the management interface with ASA 5510 base license when you are running version 7.2.2 and above if i am not mistaken. The earlier version of code with ASA 5510 base license only allows the management interface as management only interface, not data traffic.
Can you please let me know if this NetPro document is correct or not which clearly says that Management interface would require Sec plus license to have data interface functionality enabled in 5510.
The document is correct for the earlier version of ASA code. The later version of code supports management interface as a data or pass through interface.
Initially when ASA 5510 was just introduced, base license was only restricted to 3 interfaces with 1 management interface (that only allows mgmt traffic). However, since 7.2.2, ASA 5510 with base license allow 5 interfaces, and the mgmt interface can be used to pass traffic.