thanks but "cringe" is an understatement. ;)

I'm curious to why this would make some admins "cringe" at the thought combining DMZs on a single gig interface? It would seem like a waste to dedicate an expensive gig port for a single DMZ if that DMZ only required an average of a few Mbps... I only say this because I'm curious if there are ill effects that can occur by doing this as I do it on my network.

Thanks for any input you can provide.

if trying to do a quick 1-for-1 swap, then goinv to SVI's and other methods is time consuming. Specially if you have not done it before. ;)

I agree, burning a gig interface is crazy. What is more crazy is why cisco doesn't offer for the ASA a 4-port 10/100 meg card for about $400-800.00.

I'm curious to why this would make some admins "cringe" at the thought combining DMZs on a single gig interface? It would seem like a waste to dedicate an expensive gig port for a single DMZ if that DMZ only required an average of a few Mbps... I only say this because I'm curious if there are ill effects that can occur by doing this as I do it on my network.

Thanks for any input you can provide.

taken from the 7.2 documentation:

The ASA 5510 and higher adaptive security appliance includes a dedicated management interface called

Management 0/0, which is meant to support traffic to the security appliance. However, you can configure

any interface to be a management-only interface using the management-only command. Also, for

Management 0/0, you can disable management-only mode so the interface can pass through traffic just

like any other interface.

Good to now that is what the docs say. But try to use it as an interface for A/S failover... not supported. But isn't that passing traffic just like "any other interface"? :)

Has anyone used the mgt interface a 3rd DMZ interface or an extranet interface for normal traffic?

management can works as a Failover Interface and also as a normal Ethernet Interface

You need Security Plus License and a command no man-only to make it working like ethernet port

I again reiterate you can use management port as failover Interface

I am almost sure cisco does not support using the mgt interface as failover interface. I read that somewhere. will try and see where that info is...

For some reason I can use the management ports for failover on my 5510's but not my 5540's... This probably just adds to the confusion on this tread but I thought it was important!

fantastic info to have! That would be where the confusion was on my side.

Cisco has a "here is how to us Mgt as f/o, but not supported" doc around on the site somewhere.

Attached is the cisco doc I used to set it up along with my config for the Management0/0 interface. This only worked on my 5510's though, not my 5540's for some reason. That could, of course, be something on my end though.

PRIMARY:

failover

failover lan unit primary

failover lan interface failover Management0/0

failover link failover Management0/0

failover interface ip failover 10.254.254.5 255.255.255.252 standby 10.254.254.6

SECONDARY:

failover

failover lan unit secondary (default)

failover lan interface failover Management0/0

failover link failover Management0/0

failover interface ip failover 10.254.254.5 255.255.255.252 standby 10.254.254.6