Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA Management Port Best Practices

What is the recommended configuration for the management port on an ASA when in single contect mode and OSPF enabled.

Im in the process of migrating from a 525 to 5520. Im not sure how to handle the routing for accessing the management interface. I use OSPF to obtain my inside network routing, and I wonder how accessing the management port from another network will work.

6 REPLIES
Silver

Re: ASA Management Port Best Practices

What version of software are you using in the ASA box ?

New Member

Re: ASA Management Port Best Practices

We are using 7.2(1)

Re: ASA Management Port Best Practices

Hi,

You just need to treat it like any other interface. Say you connect from network A - assuming it's not directly connected to the ASA then you'll need a static route to network A from the ASA (pointing to whatever the next hop on the management lan is).

In our environment we can't use management-only interfaces because the management stations need internet access as well, which happens to pass through the ASA - so we just manage using the inside interface IP.

They make good failover interfaces tho' ;-)

HTH

Andrew.

New Member

Re: ASA Management Port Best Practices

Hi Andrew, I am just about to setup a new ASA 5520 and was wondering that very thing you mentioned, using the management interface for failover. Are there any problems with doing this?

Thank you

Brian

Re: ASA Management Port Best Practices

Hi Brian,

We did very thorough lab testing with this and the management interfaces performed just like normal ones when configured "no management-only". Since implementation we've had a couple of real failover situations and it's all worked perfectly.

HTH

Andrew.

New Member

Re: ASA Management Port Best Practices

Thank you Andrew for the info.

1866
Views
10
Helpful
6
Replies
CreatePlease to create content