Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
990
Views
5
Helpful
5
Replies

why ASA in transparent mode require same ip subnet to that of connected network

Go to solution
vijay1926
Level 1
Level 1

‎01-13-2014 06:17 AM - edited ‎03-11-2019 08:28 PM

In  ASA transparent mode, Why it is necessary to keep management ip in the same subnet to that of connected network?

what if I keep management ip in diffrent subnet than that of connected network?

If I do so does the traffic move through the asa and why?

thanxs.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎01-13-2014 09:44 AM

Hello Vijay,

As you say you can use another one, That's correct but the thing is that the management IP is not only used for management purporses.

That's were you are missing the point.

That IP address assigned to the ASA as a whole will also be used for ARP requests when the ASA does not know where the destination hosts lies and it's not on the same subnet than the ASA.

It will also be used as a source for packets going to a syslog server, AAA server, Netflow server, SNMP server and any packet that the ASA will need to create so with that in mind the routing of the network will need to be changed to work with this.

If you get to accomplish that the routing of the network works with a different Management IP address on the transparent address then you can do it. I can ensure you I have seen this scenario before working with no issues at all bud.

Just to remember rate all of the helpful posts like this one

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎01-13-2014 09:44 AM

Hello Vijay,

As you say you can use another one, That's correct but the thing is that the management IP is not only used for management purporses.

That's were you are missing the point.

That IP address assigned to the ASA as a whole will also be used for ARP requests when the ASA does not know where the destination hosts lies and it's not on the same subnet than the ASA.

It will also be used as a source for packets going to a syslog server, AAA server, Netflow server, SNMP server and any packet that the ASA will need to create so with that in mind the routing of the network will need to be changed to work with this.

If you get to accomplish that the routing of the network works with a different Management IP address on the transparent address then you can do it. I can ensure you I have seen this scenario before working with no issues at all bud.

Just to remember rate all of the helpful posts like this one

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
vijay1926
Level 1
Level 1
In response to Julio Carvajal

‎01-13-2014 10:29 AM

Thanx jcarvaja ...

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to vijay1926

‎01-13-2014 10:31 AM

Hello Vijay,

Any time Sr.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
vijay1926
Level 1
Level 1
In response to Julio Carvajal

‎01-13-2014 10:38 AM

thanxs for the reply Julio Carvajal Segura. If I want any assistance regarding networking I will contact you on your Email as you have specified.

Once again thanxs a lot.

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to vijay1926

‎01-13-2014 10:48 AM

Hello Vijay,

Sure, it will be my pleasure to work with you.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card