Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
652
Views
0
Helpful
3
Replies

ASA 5505 management via something like loopback

Tiago Reis
Level 1
Level 1

‎07-06-2016 08:09 AM

Hello all,

My question is something that i personally consider a strange question. Normally I use the loopback interface to management my remotes devices, since can be a viewed as a "always up" interface.

I checked that asa 5505 doesn't have loopback interfaces, only physical interfaces and vlans, what means that they should be connected in order to be up (reachable).

Anyone have any idea how can I management a remote ASA using a private ip address that should be always up? (thought VPN site-to-site).

PS: I'm using IOS 8.2 (5)

Thanks in advance :)

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-06-2016 06:16 PM

Well if its at one end of a site-site VPN, it is by definition up if the VPN is also up.

If it's not terminating the VPN, then the physical management interface (m0/0) can be used.

0 Helpful

Tiago Reis
Level 1
Level 1
In response to Marvin Rhoads

‎07-07-2016 01:22 AM

Hello Marvin,

Thanks for the reply. Just one question... what is up by definition? The interface that is configured as management-only?Asa 5505 doesn't have m0/0 interface.

By definition it goes up if the vpn is up even if it doesn't have a physical connection? Sorry all this questions but I unknown that fact at all. 

Thank you,

Regards

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Tiago Reis

‎07-07-2016 04:06 AM

Sorry - I forgot the 5505 is the only ASA hardware model that does NOT have a dedicated management interface.

What I meant about VPN applies if the ASA 5505 is terminating the remote end of the VPN. For that to work, the interface must be up. However that would be a public IP address.

If the public IP address is up, the box must be up and thus you should be able to manage it using that. You can also manage it using one of the VLAN virtual layer 3 interfaces.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents