Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11484
Views
5
Helpful
4
Replies

ASA Management Interface default gateway

Go to solution
uthayaman elangovan
Level 1
Level 1

‎05-02-2018 07:53 AM - edited ‎02-21-2020 07:41 AM

Hi,

 

We are using 5506x version 9.8.x with firepower. We wanted to manage SFR and ASA with IPs(192.168.1.x) from subnet behind the ASA indside interface. This subnet is terminated in L3 switch behind ASA. 

We have a route for this subnet (192.168.1.x) in ASA towards L3 switch. ASA management interface is connected in the switch and SFR is configured with IP 192.168.1.10 and working properly.

can we use the same mgmt interface to mange ASA ?

If i assign an IP on  Management1/1 from 192.168.1.x, we will be able to manage firewall via this IP ? Which default gateway do mgmt interface routing table prefer ? if mgmt routing table is maintained separately, how do i define default gateway for Mgmt interface ?

Subnet 192.168.1.x will be considered as directly connected subnet in ASA ? 

 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎05-03-2018 05:06 AM - edited ‎05-03-2018 05:07 AM

add: route management 0.0.0.0 0.0.0.0 10.10.10.1  for instance

 

that should do it (this is off an asa running 9.8)

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

Go to solution
uthayaman elangovan
Level 1
Level 1
In response to Florin Barhala

‎05-04-2018 06:41 AM

Yes. I tried to add the IP and route. ASA is treating MGMT routing table as different than the global routing table. I am able to manage ASA as well as the SFR with the same interface on different IP from the same subnet.

 

Thank you all

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Florin Barhala
Level 6
Level 6

‎05-03-2018 01:51 AM

I don't think you can have a SEPARATE default gw for the mgmt "routing table" - unless Cisco has released this feature recently and I' not aware of it.
What you can do instead is to configure routing information for the mgmt hosts you use to manage the ASA. You can do this through static routes - but this might alter some production traffic or you can do PBR aka for you mgmt. station traffic on ASA will use mgmt interface rather than what's on the routing table already.
0 Helpful

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎05-03-2018 05:06 AM - edited ‎05-03-2018 05:07 AM

add: route management 0.0.0.0 0.0.0.0 10.10.10.1  for instance

 

that should do it (this is off an asa running 9.8)

Please remember to rate useful posts, by clicking on the stars below.

Go to solution
Florin Barhala
Level 6
Level 6
In response to Dennis Mink

‎05-03-2018 06:18 AM

So will this basically "create two routing tables" on that ASA?
0 Helpful

Go to solution
uthayaman elangovan
Level 1
Level 1
In response to Florin Barhala

‎05-04-2018 06:41 AM

Yes. I tried to add the IP and route. ASA is treating MGMT routing table as different than the global routing table. I am able to manage ASA as well as the SFR with the same interface on different IP from the same subnet.

 

Thank you all

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card