Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA management Interface

Two ASA-5510 in failover.

I have configured the Management Interfaces, connected to a separate VLAN, thinking that the IP address of this Interface is tied to the "physical unity.

That is: Primary has allways 192.168.0.1 and Secondary has allways 192.168.0.2

!

interface Management0/0

nameif MANAGEMENT

security-level 100

ip address 192.168.0.1 255.255.255.0

management-only

!

Differently from the failover Interfaces, where the IP address is tied to the "role": the active unity has always 172.27.252.1 and the stand-by unity has alway 172.27.252.2

Or at least it was so, up to some version ago ...

!

interface Ethernet0/1

nameif INSIDE

security-level 100

ip address 172.27.252.1 255.255.255.240 standby 172.27.252.2

!

Now (9.1.4) I see that ALSO the management IP "move" together with the role.

And I can not set two IP address separately.

And this complicate the management of the two units...

Is this an issue of my config or and there some way to fix this problem ?

Best regards,

Claudio

Everyone's tags (3)
1 REPLY
Hall of Fame Super Silver

ASA management Interface

In your example above the first section showing a management interface configuration will result in the standby unit of an HA pair having no address on its management interface. The configuration synchronization includes the management interface configuration.

If you need separate direct IP reachability of the management interface, you should set it up just like your inside interface address is setup - with a standby address designated.

201
Views
0
Helpful
1
Replies
CreatePlease to create content