ASA Management Routing

Mokhalil82 — Mon, 24 Aug 2020 13:11:52 GMT

We have 2 DCs both with HA pair of ASA5516-X firewalls. I use the management interfaces for management purposes. I was trying to configure logging to a syslog server. Syslog server IP is 10.10.10.1

My logging config is:

logging host management 10.10.10.1 udp/1514

logging trap informational

route management 10.10.10.1 255.255.255.255 10.190.11.1

All traffic is allowed outbound on the interfaces

In one DC this works fine and syslog is sent out via the management interface. In the other DC however the traffic gets routed via the inside interface. Now both ASAs have a route to the inside interface for network 10.10.0.0/16 also but i expected the management route for the more specific ip to take precedence

What im trying to figure is how come on one ASA this works fine, whereas on the other is is still trying to route it via the inside interface. There is a software version difference, the one that routes correctly out the management interface is on 9.12(2) however the other one is 9.8(2).

Looking into this I seen there was a new feature of a separate management routing table from version 9.5 onwards. Is it possible I need to upgrade the firewall from version 9.8 to the latest?

Thanks

Re: ASA Management Routing

Francesco Molino — Tue, 25 Aug 2020 03:10:29 GMT

Hi

I know there were bugs in previous versions of management-access was set or other little things but in your 9.8.2, i don't recall if any issues.
Do you have the same config like no nat with any statements and route-lookup on both sides?
Do you have other services configured to use management like radius, tacacs? If yes, are these features working?

topic Re: ASA Management Routing in Network Security

ASA Management Routing

Re: ASA Management Routing