cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1954
Views
20
Helpful
7
Replies

Allow FXOS management from ASA data interfaces

On FP2100 running as ASA appliance mode, how can I have http and ssh access to FXOS via ASA inside data interface. 

FXOS management interface in 192.168.45.45/24 and ASA inside interface is 10.0.0.0/24. 

What configuration is required to make it possible? or

Do I have to connect Management/1 also on network ?

 

2 Accepted Solutions

Accepted Solutions

Hi,

Connect m1/1 to the switch because this is the one used by firepower module
on asa. Then use ASA as gateway for the module (e.g. 192.168.45.1). Next
you should be able to access the fxos from side. Keep in mind that
192.168.45.1 (or any other asa IP) should be on seperate interface
connected to switch on the same vlan as m1/1


***** please remember to rate useful posts

View solution in original post

The easiest way would be to connect the appliance management interface used by FX-OS to an inside switch where it will have a VLAN and gateway for the 192.168.45..0/24 subnet. You could possibly change the FX-OS interface to be in 10.0.0.0/24 if you don't want to use a second subnet. Its routing table (just a default gateway) could be the ASA data interface (although that's a bit recursive-seeming it should work as they are completely separate software images).

View solution in original post

7 Replies 7

Hi,

Connect m1/1 to the switch because this is the one used by firepower module
on asa. Then use ASA as gateway for the module (e.g. 192.168.45.1). Next
you should be able to access the fxos from side. Keep in mind that
192.168.45.1 (or any other asa IP) should be on seperate interface
connected to switch on the same vlan as m1/1


***** please remember to rate useful posts

Thanks for reply Mohammed. 

So, if I want to access FXOS remotely, then the 192.168.45.45 should be routable, right? and I will connect to 192.168.45.45 for https(443) and ssh?

That's correct.

*** please remember to rate useful posts

The easiest way would be to connect the appliance management interface used by FX-OS to an inside switch where it will have a VLAN and gateway for the 192.168.45..0/24 subnet. You could possibly change the FX-OS interface to be in 10.0.0.0/24 if you don't want to use a second subnet. Its routing table (just a default gateway) could be the ASA data interface (although that's a bit recursive-seeming it should work as they are completely separate software images).

Hey Marvin

I have tried the second option of FXOS management and ASA data interface in same subnet but it did not work. I'll try it again though.

Thanks

Depending how you are approaching it (with the ASA dataplane being the gateway) you may also need some other settings (like "same-security intra-interface" if coming from inside or a NAT and ACL if coming from outside).

Got this working guys. Thanks a lot for your valuable help.

 

FXOS and ASA mgmt interface -  switch  VLAN 1 -- gateway - int vlan 1

ASA data interface- switch VLAN 2

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: