Access ASDM from the BVI interface (ASA 5508X)

Hello

I'm new to Cisco ASA with Firepower; if possible, please help me with this subject.

I have an architecture where my ASA is between two L2 switches in trunk mode. I used transparent mode with BVI interfaces to pass the traffic from switch 1 (Inside) to switch 2 (Outside, side of the gateway). It works, but I have some problems, as shown below:

- From the ASA I can ping a single gateway of both VLANs, but all hosts are pingable
- I can't use the BVI interface as an access interface with ASDM (the BVI interface is not pingable)
- I have an Oracle cluster with a virtual interface that I can't ping, even though the physical interfaces are accessible

I attach the architecture and configuration of the ASA.

Thank you in advance for your help

 

Regards.

 


Re: Access ASDM from the BVI interface (ASA 5508X)

 


The transparent mode allows you to assign an IP address to a management interface.
If you are not using a dedicated management interface, the default gateway of the transparent firewall is typically the downstream router toward the inside interface. The security appliance sends traffic to the default gateway for the networks that it does not know about. If you are using a dedicated management interface, the default gateway is typically the router that resides toward the management interface.

Please do not forget to rate.

Re: Access ASDM from the BVI interface (ASA 5508X)

Hello Salim

Thank you so much for your return.

 

- In my case, if I want to use the BVI20 interface of the firewall as a management interface (ASDM), what must I add to the configuration in order to access it from the outside?

- And if I use the dedicated management interface, I have to assign a subnetwork different from VLANs 184,481 and 185,581, and also create the gateway on my L3 router, after which I add a route on the management interface, for example:

My outside access network is 192.168.1.0/24
Network dedicated to the management interface on ASA is 10.0.186.0/24
At the ASA I add #route management 192.168.1.0 255.255.255.0 10.0.186.0

- Another question: is the transparent mode with BVI that I have chosen correct for my architecture, or can I use another solution to pass traffic (VLAN 185 and VLAN 184) through the ASA?

Thank you again for your help

 

Regards.


Re: Access ASDM from the BVI interface (ASA 5508X)

 

My outside access network is 192.168.1.0/24
Network dedicated to the management interface on ASA is 10.0.186.0/24
At the ASA I add #route management 192.168.1.0 255.255.255.0 10.0.186.0

 

 

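It would be like this:

! Management1/1 is the dedicated management port on the ASA 5508-X
interface Management1/1
 nameif mgmt
 management-only
 security-level 100
 ip address 10.0.186.1 255.255.255.0
 no shutdown
!
! Next hop is the gateway host on the management network
route mgmt 0.0.0.0 0.0.0.0 10.0.186.254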

 

 

 

 

- Another question: is the transparent mode with BVI that I have chosen correct for my architecture, or can I use another solution to pass traffic (VLAN 185 and VLAN 184) through the ASA?

- If you have multi-context licenses, you can create a separate context and segregate each BVI into a specific context.

 

 

In my case, if I want to use the BVI20 interface of the firewall as a management interface (ASDM), what must I add to the configuration in order to access it from the outside?

The default gateway of the transparent firewall is typically the downstream router towards the inside interface when the management interface is not in use. Therefore the route will be:

!
route inside 0.0.0.0 0.0.0.0 172.16.1.2

Please do not forget to rate.
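
Added example, not part of the original replies: one way to limit ASDM (HTTPS) access to the dedicated management interface, using the addressing from the thread (management network 10.0.186.0/24, admin network 192.168.1.0/24, gateway 10.0.186.254). The interface name for the 5508-X and the account values are assumptions; `<ADMIN_USER>` and `<STRONG_PASSWORD>` are placeholders.

```text
! Constructed example; addresses follow the thread, credentials are placeholders
interface Management1/1
 nameif mgmt
 management-only
 security-level 100
 ip address 10.0.186.1 255.255.255.0
 no shutdown
!
! Specific route to the admin network. The next hop must be the gateway
! host address (10.0.186.254), not the network address 10.0.186.0.
route mgmt 192.168.1.0 255.255.255.0 10.0.186.254
!
! Enable the ASDM HTTPS server and permit it only from the admin
! network, and only on the mgmt interface
http server enable
http 192.168.1.0 255.255.255.0 mgmt
!
! Require a local account for ASDM logins
username <ADMIN_USER> password <STRONG_PASSWORD> privilege 15
aaa authentication http console LOCAL
!
! Verify what is permitted and what is listening:
!   show running-config http
!   show asp table socket
```

With no `http` statement for the inside or outside bridge-group member interfaces, ASDM is not reachable through the data path.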