06-10-2013 11:43 AM - edited 03-11-2019 06:55 PM
I am configuring a brand new pair of ASA 5512s running 8.6(1). Traditionally we have been using the Management port as the dedicated failover link, but that seems to not be possible on the 5512s.
ASA (config-if)# no management-only
ERROR: It is not allowed to make changes to this option for management interface on this platform.
I have not been able to find anything in the official documentation mentioning this restriction.
Does anybody know if this is indeed the case or if I am just missing something?
Thanks
Joerg Grau
06-10-2013 12:23 PM
Hi,
I think this is what you are looking for
Management Port Configuration Changes
The ASA 5500-X Series introduced a shared management port for firewall and IPS services. There are certain caveats to follow during migration from the ASA 5500 Series.
• The shared management port cannot be used as a data port. All through-the-box traffic arriving at the management port will be dropped implicitly. This cannot be disabled.
• The shared management port cannot be used as a part of a high availability configuration.
If the ASA management port (M0/0) on the ASA 5500 Series appliance was being used as a data port, the configuration associated with that port should be moved to one of the gigabit data ports numbered above G0/3.
Source:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps6120/guide_c07-727453.html
Though I guess you have to take into consideration when we compare the old ASA5500 Series and the new ASA5500-X that the new series actually has 2 more physical interfaces than all previous corresponding models had.
Though it still might feel a waste of a Gigabit interface in a sense.
Hope this helps
Please remember to mark the reply as the correct answer if it answered your question.
- Jouni
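The restriction quoted in the answer above means the failover link has to live on a data port. The following is an added example, not part of the original thread or of Cisco's guide: a sketch of the primary unit's failover configuration, assuming GigabitEthernet0/5 is a free data port, using the constructed link name FOLINK, constructed addresses from the 192.0.2.0/24 documentation range, and a placeholder for the shared key.

```cisco
! Added example (not from the thread). Interface choice, link name,
! addresses and key are assumptions/placeholders.
!
! The failover interface must be enabled and must not carry a nameif,
! security-level or IP address of its own.
interface GigabitEthernet0/5
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Primary unit. On the secondary, use "failover lan unit secondary";
! every other line is identical.
failover lan unit primary
!
! Dedicated failover (LAN) link on a data port instead of Management0/0.
failover lan interface FOLINK GigabitEthernet0/5
!
! Reuse the same interface for stateful failover traffic.
failover link FOLINK GigabitEthernet0/5
!
! Active and standby addresses on the failover link.
failover interface ip FOLINK 192.0.2.1 255.255.255.252 standby 192.0.2.2
!
! Shared key so failover traffic between the units is not sent in clear text.
failover key <SHARED-SECRET-PLACEHOLDER>
!
! Enable failover last, once both units are cabled and configured.
failover
```

Once both units are configured, `show failover` on either unit reports the link interface and the peer state.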