Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
706
Views
0
Helpful
3
Replies

ASA Management port with different route

Machi Ma
Level 1
Level 1

‎10-17-2013 02:06 AM - edited ‎03-11-2019 07:53 PM

Hi,

I have some ASA 5510 in under setup now.  I got some problem and I would like to connect the Management0/0 to Interenet but it will not same is subnet of "outside" interface.  What should I do.  Following is my part of interface setup:

-------------------------------

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 222.53.77.234 255.255.255.252

!

!

interface Management0/0

nameif management

security-level 100

ip address 202.177.223.1 255.255.255.0

management-only

!

route outside 0.0.0.0 0.0.0.0 222.53.77.233 1

aaa authentication ssh console LOCAL

----------------------------------

I am able to connect with ethernet0/0 interface.  But however, it did not able to connecting with Management0/0.  How should I setup to be allow?

Thanks!

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎10-17-2013 06:42 AM

Hello,

U should plugging a laptop to managment 0/0 and then from that laptop connect to 202.177.223.1.

that interface has the management-access only so no routed traffic can reach that.

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

narawat
Level 1
Level 1

‎10-17-2013 07:51 PM

Hi Machi,

     Please let me know if i understand your problem correctly:

you want to connect a machine to management interface and want to access internet from there.

For this you would need to make the management interface to be able to use as a data interface by "no management-only" and it you are using Private IP addressing in management interface than you need to add a dynamic NAT for the traffic else we dont need to NAT the traffic.

Please explain the issue with the help of a topology diagram if above is not the case.

Cheers,

Naveen

0 Helpful

Machi Ma
Level 1
Level 1
In response to narawat

‎10-18-2013 02:40 AM

Hello,

Thanks for advise.  However, the Managment interface I will plan to connect to the "back door" which can allow to access from outside directly.  ie.  The outside interface will connecting to primary Internet and management interface will connecting to another ISP which work as a "back door".

Please let me know if still not clear about my idea and I can share more for you.

Thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card