ASA with Firepower - IP Addressing for inside interface and management interface

Waterbird · ‎12-07-2018

I have ASA5506-X (9.8.2) with firepower services.

I'm working on the initial set up of firepower and am confused on how the IP addressing should be done.

The ASA has already be configured with BVI / all inside interfaces set to 192.186.2.1 (which is not the default value)

Questions:

1. Do I set the management interface on the ASA to 192.168.2.2, to no ip address, or to another IP address on a different subnet? And... why?

2. On the firepower module, do I set the management IP address to 192.168.2.1, or something else on the same subnet as the inside interface, or something on a different subnet? And.. why?

3. Is it sufficient to use a crossover cable to connect the first inside interface to the management interface, or is a switch necessary? Please explain if possible.

phil.hydea · ‎12-07-2018

Hi waterbird

1) Set the management interface with an IP address within same subnet
(managed with the ASDM)
2) Set the Firepower mgmt interface with an IP address within same subnet
(managed with the FMC)
3) Crossover cable or straight-thru cable required as Auto-MDI/MDIX is
enabled by default

Cheers
Phil

Waterbird · ‎12-07-2018

I went ahead and did 192.168.2.2 on the firepower's management interface, no ip address on the ASA management interface (which is physically the same port), and kept the inside interface as 192.168.2.1. Pings work from the ASA to the firepower management IP address I set.

phil.hydea · ‎12-07-2018

I'm not sure what you mean by 'not running ASA'.

It sounds like you have the correct setup now. So the mgmt interface
belongs to the ASA Firepower module and the inside interface is used for
the ASA mgmt. 100%

Good luck!
For any other setup info check:
https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5506X/5506x-quick-start.html

#- Please type your reply above this line -##