cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

324
Views
20
Helpful
7
Replies
Highlighted

Allow FXOS management from ASA data interfaces

On FP2100 running as ASA appliance mode, how can I have http and ssh access to FXOS via ASA inside data interface. 

FXOS management interface in 192.168.45.45/24 and ASA inside interface is 10.0.0.0/24. 

What configuration is required to make it possible? or

Do I have to connect Management/1 also on network ?

 

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
VIP Advisor

Hi,

Connect m1/1 to the switch because this is the one used by firepower module
on asa. Then use ASA as gateway for the module (e.g. 192.168.45.1). Next
you should be able to access the fxos from side. Keep in mind that
192.168.45.1 (or any other asa IP) should be on seperate interface
connected to switch on the same vlan as m1/1


***** please remember to rate useful posts

View solution in original post

Highlighted

The easiest way would be to connect the appliance management interface used by FX-OS to an inside switch where it will have a VLAN and gateway for the 192.168.45..0/24 subnet. You could possibly change the FX-OS interface to be in 10.0.0.0/24 if you don't want to use a second subnet. Its routing table (just a default gateway) could be the ASA data interface (although that's a bit recursive-seeming it should work as they are completely separate software images).

View solution in original post

7 REPLIES 7
Highlighted
VIP Advisor

Hi,

Connect m1/1 to the switch because this is the one used by firepower module
on asa. Then use ASA as gateway for the module (e.g. 192.168.45.1). Next
you should be able to access the fxos from side. Keep in mind that
192.168.45.1 (or any other asa IP) should be on seperate interface
connected to switch on the same vlan as m1/1


***** please remember to rate useful posts

View solution in original post

Highlighted

Thanks for reply Mohammed. 

So, if I want to access FXOS remotely, then the 192.168.45.45 should be routable, right? and I will connect to 192.168.45.45 for https(443) and ssh?

Highlighted

That's correct.

*** please remember to rate useful posts
Highlighted

The easiest way would be to connect the appliance management interface used by FX-OS to an inside switch where it will have a VLAN and gateway for the 192.168.45..0/24 subnet. You could possibly change the FX-OS interface to be in 10.0.0.0/24 if you don't want to use a second subnet. Its routing table (just a default gateway) could be the ASA data interface (although that's a bit recursive-seeming it should work as they are completely separate software images).

View solution in original post

Highlighted

Hey Marvin

I have tried the second option of FXOS management and ASA data interface in same subnet but it did not work. I'll try it again though.

Thanks

Highlighted

Depending how you are approaching it (with the ASA dataplane being the gateway) you may also need some other settings (like "same-security intra-interface" if coming from inside or a NAT and ACL if coming from outside).

Highlighted

Got this working guys. Thanks a lot for your valuable help.

 

FXOS and ASA mgmt interface -  switch  VLAN 1 -- gateway - int vlan 1

ASA data interface- switch VLAN 2

Content for Community-Ad