ASA-5520 Multiple-context - Mgmt Inteface problem...

javiercastro — Mon, 11 Mar 2019 12:43:39 GMT

I have the following issue with the management interface of an ASA5520 running version 7.0(7).

I'm currently using two contexts in transparent mode.

The management interface is currently assigned to the admin-context and is physically connected to a cat4500 switch in a management Vlan.

The issue is that I have intermitent communication with this IP address from the 4500 and I just can't explain what's going on, the IP address configured in the management port is not repeated in the vlan and the interface vlan in the 4500 is always UP.

This is the configuration I am using in ASA:

*****system space*****

firewall transparent

interface GigabitEthernet0/0

interface GigabitEthernet0/1

interface GigabitEthernet0/2

interface GigabitEthernet0/3

interface Management0/0

speed 100

duplex full

admin-context admin

context admin

allocate-interface GigabitEthernet0/0

allocate-interface GigabitEthernet0/1

allocate-interface Management0/0

context VPN

allocate-interface GigabitEthernet0/2

allocate-interface GigabitEthernet0/3

****CONTEXT ADMIN******

interface Management0/0

nameif gestion

security-level 0

management-only

interface GigabitEthernet0/0

nameif inside

security-level 100

interface GigabitEthernet0/1

nameif outside

security-level 0

access-list 199 extended permit ip any any

mtu gestion 1500

mtu inside 1500

mtu outside 1500

ip address 10.8.129.254 255.255.255.0

arp timeout 14400

access-group 199 in interface gestion

access-group 100 in interface inside

access-group 101 in interface outside

route gestion 0.0.0.0 0.0.0.0 10.8.129.1 1

aaa authentication ssh console LOCAL

http server enable

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh 10.0.0.0 255.0.0.0 gestion

ssh timeout 5

ssh version 1

dhcpd lease 3600

dhcpd ping_timeout 50

As I explained it is possible to log into the ASA using SSH but the connection is dropped at some point. I also need to upgrade the software version but the tftp session is dropped due to lack of conectivity.

Does anybody have a clue regarding the possible solution?

Many thanks

Re: ASA-5520 Multiple-context - Mgmt Inteface problem...

smahbub — Fri, 16 May 2008 20:41:18 GMT

The adaptive security appliance has a dedicated interface for device management that is referred to as the Management0/0 port. The Management0/0 port is a Fast Ethernet interface. This port is similar to the Console port, but the Management0/0 port only accepts incoming traffic to the adaptive security appliance.You can configure any interface to be a management-only interface using the management-only command. You can also disable management-only mode on the management interface. For more information about this command, see the management-only command in the Cisco Security Appliance Command Reference prsent in the link below:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/intparam.html#wp1051819

refer the link below for troubleshooting guide:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/trouble.html#wp1042019

topic ASA-5520 Multiple-context - Mgmt Inteface problem... in Network Security

ASA-5520 Multiple-context - Mgmt Inteface problem...

Re: ASA-5520 Multiple-context - Mgmt Inteface problem...