topic Re: Cisco ASA routing issue in Network Security

Cisco ASA routing issue

NeWGuy1109 — Mon, 30 Aug 2021 11:07:01 GMT

I have a Firepower 2100 (Firewall A) with logical ASA image with a default route pointed towards management interface..i have 2 more subinterface on the same firewall..one is Inside and the other points towards Firewall B.. i want to integrate Firewall with a Cisco ISE Server which is located behind Firewall B.. IP of ISE server is 192.168.1.11 and i have a route 192.168.1.0/24 in Firewall A pointed towards Firewall B via a subinterface...my issue is that i want Firewall A to communicate with ISE Server via Management interface..i have necessary routing set up in the intermediate devices in that path.. but even after adding a route 192.168.1.11 towards management interface in Firewall A.. traffic is going to Firewall B via transit path ..all routing is static.. i am not able to understand why static route 192.168.1.11 towards management is not working and the firewall is preferring 192.168.1.0/24 route towards transit..please assist

Re: Cisco ASA routing issue

Rob Ingram — Mon, 30 Aug 2021 11:38:50 GMT

@NeWGuy1109

I don't think that is possible, the management interface is used for management features such as ssh, snmp, http (asdm), syslog. The RADIUS traffic would be routed via a data interface.

Re: Cisco ASA routing issue

NeWGuy1109 — Mon, 30 Aug 2021 13:51:12 GMT

Thanks..is there a document which i can use as a reference for this ?

Moreover..this doesnt apply to multi context ASA ? because i had a diff set up with multi context FWs.. there i was able to route TACACS traffic via admin context

Re: Cisco ASA routing issue

rmfalconer — Mon, 30 Aug 2021 20:56:26 GMT

If you want the radius traffic to source from the management interface, you need to define that on the radius server configuration. We do radius, tacacs and ldap through the management network.

aaa-server ISE_RADIUS (management) host 192.168.1.11