Solved: Management IP can't be on the same net as the gateway?

JamesNewton · ‎10-22-2018

Setup our ASA 5505 back in the day, no problem, but this ASA 5506X is killing me. I have

interface Management1/1
management-only
nameif management
security-level 0
ip address 192.168.0.3 255.255.255.0
Firewalls, ASA 5506-X, ASA,

but now it won't let me setup gi 1/1 as any IP on that subnet. "The ip address, 192.168.0.2/255.255.255.0 can not overlap with the subnet of interface management"

I know on my 5505 I had management and inside on the same ip address. Do I have to configure the inside address first and then not specify an IP for the management port? I was kind of hoping to have that as a totally separate physical RJ-45 port, so it could only be administered on the net if I specifically mechanically plugged in that cable.

Dennis Mink · ‎10-22-2018

If you can stick them on different IP addresses, as up can see from the output it will not let you configure the same subnet on different physical IP addresses. just create a separate VLAN even if its just a /30 for your management, this way you can filter access to it easier.

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

Mohammed al Baqari · ‎10-22-2018

This isn't allowed in 5506-X when its running as ASA. You can do it if you
have FTD running on ASA5506-X but not on ASA OS

Dennis Mink · ‎10-22-2018

If you can stick them on different IP addresses, as up can see from the output it will not let you configure the same subnet on different physical IP addresses. just create a separate VLAN even if its just a /30 for your management, this way you can filter access to it easier.

Please remember to rate useful posts, by clicking on the stars below.