cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
706
Views
0
Helpful
5
Replies

Unable to access ASA via Managment Interface

Chts
Level 1
Level 1

Hi

I have deployed ASA on Firepower 4100 series Chassis, configured one of the data interface as a management interface with an IP address. I have connected a laptop directly to the management interface try to ping - unable to ping. Global policy is inspecting icmp.

 

sh run int et1/5
!
interface Ethernet1/5
management-only
nameif management
security-level 100

ip address 10.10.10.3 255.255.255.0

 

on the logs the following I see.. I have not enabled ipv6 under management interface as you see above but

 

%ASA-6-302021: Teardown ICMP connection for faddr ff02::1/0 gaddr fe80::200:ff:fe01:3/0 laddr fe80::200:ff:fe01:3/0 type 134 code 0 

Anyone experienced this?

 

 

 

5 Replies 5

Rahul Govindan
VIP Alumni
VIP Alumni

These look like Neighbour discovery messages for ICMPv6. Hosts automatically sent solicitation and advertisement messages to peers in a link. Is your machine IPv6 enabled? This could be when it tries to send to the link local address of its peer. 

Hi Rahul,

Thanks for the reply.

My machine(laptop) is not enable with ipv6, I have assigned ipv4 address to the management interface where I have connected my laptop directly with the same subnet of IP address and tried pinging management ip, not responding.

 

This looks like suspicious for me, have you connected console and able to ping locally in the 4100 and check the interface status, when you connected laptop.

 

BB

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I have. On the Chassis, the management interface(one of the data interface change type to mgmt.) allocated for ASA is up and inside ASA interface status showing up and up. but when I connect my laptop directly to that interface with the same subnet IP not able to ping in any direction.

aaron.hackney
Level 1
Level 1

It is possible there is a policy preventing ICMP.

1. Have you added your laptop IP to the SSH/HTTP allow lists on that interface and tried SSH/HTTPS?

2. Have you tried issuing a packet-tracer on this port with ICMP and/or SSH/HTTPS? What were the results?

-A

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: