10-17-2018 12:45 PM - edited 02-21-2020 08:22 AM
I have a management network for most all of my gear which sits in the same network as the management interface on my ASA 5516-X interface. It's basically a simple L3 VLAN that all the management interfaces on servers, network gear, etc. connect to. On everything else, the management interface is on the mgmtVrf (or its equivalent on non-Cisco gear). Some of the devices on that network need to get out to the outside interface for NTP, updates, etc. I cannot remove the management-only config on that interface. I do use that interface for ASDM and FP access.
How can I go about allowing certain traffic out to the internet or DMZ from the Management interface/network on the ASA? I was thinking about creating a transit network that my management network could use and then just use an inside interface on the ASA... but that just seems wrong to me.
10-17-2018 12:53 PM
It is possible, but what is that certain traffic? But management is only for OOB for best practice.
10-17-2018 01:07 PM
11-03-2018 04:17 PM
The ASA mgmt interface does not pass normal data traffic unless you use the int sub-cmd - no management-only.
Hope that helps.
azam