mfruvous
Beginner

Access to the MGMT interface

Hello,

I have an ASA 5510 and would like to be able to access the MGMT network, including the AIP-SSM module, from the internal network. I am a Cisco newbie.

Mgmt port: 192.168.22.1

AIP SSM Mgmt port: 192.168.22.254

Internal network: 192.168.1.0/24

I can create the access-list okay but I am having trouble setting up the NAT. The error is “portmap translation creation failed for tcp src Internal 192.168.1.17/1098 dst management:192.168.22.254.”

Is what I would like to do even possible? And if so, what would the NAT be?

Thank you in advance.

Andrea

1 REPLY 1
cmcbride
Beginner

Well, to configure no NATing between the interfaces, it would be:

access-list nonat-inside permit ip 192.168.1.0 255.255.255.0 192.168.22.0 255.255.255.0

access-list nonat-mgmt permit ip 192.168.22.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (mgmt) 0 access-list nonat-mgmt

nat (inside) 0 access-list nonat-inside
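
An added example, not part of the reply or any Cisco tooling: a small Python check that a flow is covered by a `nat 0` exemption on its ingress interface, run against the four lines above and the flow from the error message. It assumes the interface names configured on the ASA are the ones printed in that error (`Internal`, `management`) and that `mgmt`/`inside` in the reply are placeholders; the function names are hypothetical.

```python
import ipaddress

# The four configuration lines from the reply, copied verbatim.
CONFIG = """\
access-list nonat-inside permit ip 192.168.1.0 255.255.255.0 192.168.22.0 255.255.255.0
access-list nonat-mgmt permit ip 192.168.22.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (mgmt) 0 access-list nonat-mgmt
nat (inside) 0 access-list nonat-inside
"""

def parse(config):
    """Return (acls, exempt): ACL name -> [(src_net, dst_net)], interface -> [ACL names]."""
    acls, exempt = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and len(tok) == 8 and tok[2:4] == ["permit", "ip"]:
            src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
            dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}")
            acls.setdefault(tok[1], []).append((src, dst))
        elif tok[:1] == ["nat"] and len(tok) == 5 and tok[2:4] == ["0", "access-list"]:
            # Interface names are compared case-insensitively here (assumption).
            exempt.setdefault(tok[1].strip("()").lower(), []).append(tok[4])
    return acls, exempt

def is_exempt(config, ingress_if, src_ip, dst_ip):
    """True if src->dst entering on ingress_if matches a nat 0 ACL bound to that interface."""
    acls, exempt = parse(config)
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for name in exempt.get(ingress_if.lower(), []):
        for src_net, dst_net in acls.get(name, []):
            if src in src_net and dst in dst_net:
                return True
    return False

def unbound_interfaces(config, nameifs):
    """Interface names used in nat 0 statements that are not in the given nameif list."""
    _, exempt = parse(config)
    return sorted(set(exempt) - {n.lower() for n in nameifs})

if __name__ == "__main__":
    flow = ("192.168.1.17", "192.168.22.254")   # flow from the error message
    print("exempt via 'inside':  ", is_exempt(CONFIG, "inside", *flow))
    print("exempt via 'Internal':", is_exempt(CONFIG, "Internal", *flow))
    print("names to adapt:", unbound_interfaces(CONFIG, ["Internal", "management"]))
```

The flow is exempt only when the `nat` statement is bound to the interface name the traffic actually enters on, so the names in the reply need to be replaced with the ones configured on the device.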