Cisco Support Community
New Member

ASA Transparent mode use of Management Only Interface

I find the term management IP address a bit confusing when there is a management interface.

I have the firewall in transparent mode and a global IP address assigned to it. All is working as expected.

What I can't seem to get working is the Management Only Interface. I must be missing something simple.

I don't see where routes can be assigned to it and I don't see where there are ACLs for it.

Does the management interface IP address have to be in a different network than the global IP address?

All the sample configurations seem to avoid the management interface.

Thank you!

nyroctodd

4 REPLIES
New Member

Re: ASA Transparent mode use of Management Only Interface

New Member

Re: ASA Transparent mode use of Management Only Interface

Unfortunately, this is the article I find confusing. I have it working already using the global (management) IP address in single context mode (inside and outside interface).

Now I would like to use the Management 0/0 interface in Management Only mode for exclusive management access to the firewall.

I'm still struggling a bit with the Layer 2 firewall idea (much like a Sonicwall in bridge mode).

The idea is to have a secured zone where management interfaces for all kinds of security devices live (firewalls, IPS, ...).

How do I configure the Management Only interface? Can I just give it an IP and mask and expect it to work?

Do I add ACLs to use this interface if it is in Management Only?

Does it need a route where it is not inline? Does it need a gateway address someplace?

Thanks

New Member

Re: ASA Transparent mode use of Management Only Interface

Ah OK.

Further research brought me to this page:

http://www.cisco.com/en/US/customer/docs/security/asa/asa80/command/reference/m.html#wp1973887

Particular interest should be paid to the 'Usage Guidelines' section, 2nd paragraph.

Quote: "Transparent firewall mode allows only two interfaces to pass through traffic; however, on the ASA 5510 and higher adaptive security appliance, you can use the Management 0/0 interface (either the physical interface or a subinterface) as a third interface for management traffic. The mode is not configurable in this case and must always be management-only. You can also set the IP address of this interface in transparent mode if you want this interface to be on a different subnet from the management IP address, which is assigned to the security appliance or context, and not to individual interfaces. "
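The arrangement the quoted guideline describes, written out as an ASA configuration fragment. This is an added example, not a configuration posted in this thread or taken from Cisco's documentation. All addresses are constructed documentation ranges, and the separate out-of-band subnet, the static route and the permitted admin network are assumptions made for illustration.

```cisco
! Added example: ASA 5510-class appliance, transparent mode, single context.
! Addresses are constructed (RFC 5737 documentation ranges).

firewall transparent

! Global management IP: assigned to the appliance itself, not to an
! interface, and reachable through the bridged inside/outside pair.
ip address 192.0.2.10 255.255.255.0

! Dedicated out-of-band interface. In transparent mode Management0/0 is
! always management-only, so it never carries through traffic.
! Assumption: it sits on a separate management subnet (198.51.100.0/24).
interface Management0/0
 nameif management
 security-level 100
 ip address 198.51.100.10 255.255.255.0
 management-only
 no shutdown

! Assumption: admin workstations live on 203.0.113.0/24 behind a router
! at 198.51.100.1 on the management subnet. The static route lets the
! appliance send its replies back out the management interface.
route management 203.0.113.0 255.255.255.0 198.51.100.1

! Management access to the appliance is permitted per protocol and per
! interface with the ssh and http commands; only the admin network is
! allowed here, and only on the management interface.
ssh 203.0.113.0 255.255.255.0 management
ssh timeout 10
http server enable
http 203.0.113.0 255.255.255.0 management
```

After applying a configuration like this, `show interface ip brief`, `show route` and `show running-config ssh` confirm the interface address, the management route and the permitted source networks.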

New Member

Re: ASA Transparent mode use of Management Only Interface

Is this one OR the other, but not both?

And do you think this means that the Management Only Interface MUST be on a different subnet than the global address?

Is anyone actually doing this?
