As always, thank you for your time and reply. I am looking to dedicate an interface on the ASA only for management purposes and the rest for Internet access only. So with management ONLY, what kind of protocols / traffic will the interface allow? Also, will the SNMP server be able to reach this interface via the EZVPN tunnel?
The management-only will only allow SNMP management protocols. I read a link long ago about the exact management protocols but cannot find that link. If I recall correctly, it allows SNMP, NTP, TFTP and a few other ones that I can't remember, but it will not allow regular traffic like HTTP etc. In other words, the management-only interface will not be like a real routed interface but dedicated for management.
The higher models do have a dedicated management interface. On these higher models, when using the management interface you are not sacrificing another interface for that purpose.
Now, if you have a Security Plus license you could create sub-interfaces via 802.1q trunking and have a sub-interface dedicated as a management-only interface. The Sec Plus license supports up to 20 SVIs or VLANs, so literally it is feasible to create a sub-interface and do it that way for this particular model.
I do not see why the management-only interface could not be reachable through a VPN tunnel as long as there is an access-list permitting the source to query the management interface for stats.
I would have liked to test this scenario, but my firewall has the basic 10-user Base license and firewall trunking is disabled, but I'm almost 100% positive management through a sub-interface is totally feasible.
If anyone in the forum has tried it, we would like to hear from you.