07-06-2016 08:09 AM
Hello all,
My question is something that i personally consider a strange question. Normally I use the loopback interface to management my remotes devices, since can be a viewed as a "always up" interface.
I checked that asa 5505 doesn't have loopback interfaces, only physical interfaces and vlans, what means that they should be connected in order to be up (reachable).
Anyone have any idea how can I management a remote ASA using a private ip address that should be always up? (thought VPN site-to-site).
PS: I'm using IOS 8.2 (5)
Thanks in advance :)
07-06-2016 06:16 PM
Well if its at one end of a site-site VPN, it is by definition up if the VPN is also up.
If it's not terminating the VPN, then the physical management interface (m0/0) can be used.
07-07-2016 01:22 AM
Hello Marvin,
Thanks for the reply. Just one question... what is up by definition? The interface that is configured as management-only?Asa 5505 doesn't have m0/0 interface.
By definition it goes up if the vpn is up even if it doesn't have a physical connection? Sorry all this questions but I unknown that fact at all.
Thank you,
Regards
07-07-2016 04:06 AM
Sorry - I forgot the 5505 is the only ASA hardware model that does NOT have a dedicated management interface.
What I meant about VPN applies if the ASA 5505 is terminating the remote end of the VPN. For that to work, the interface must be up. However that would be a public IP address.
If the public IP address is up, the box must be up and thus you should be able to manage it using that. You can also manage it using one of the VLAN virtual layer 3 interfaces.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide