05-26-2015 03:34 AM - edited 03-11-2019 11:00 PM
Hi
I have ASA 5525X firewalls with FirePOWER. I have read the deployment guide but just have a few questions.
The ASAs will be connected to my L3 core switch. I just want to confirm if my understanding of this is correct. This is just the initial setup.
Management VLAN100 on core switch - 192.168.10.1 /24
ASA Interface G1/1 (Mgmt Interface) - 192.168.10.2
FirePOWER Mgmt IP - 192.168.10.3
Route Management 192.168.10.0 255.255.255.0 192.168.10.1
Then I will session into the sfr module to set the management IP of 192.168.10.3
Will that work, or am I missing something?
Thanks
05-26-2015 10:21 AM
You don't need a route for your directly connected management-network, but your FirePOWER-Module needs a default-route to your L3-Switch 192.168.10.1.
On the ASA, there is no interface Gig1/1, but an interface Gig0/1 that by default is a "normal" traffic-passing interface, or the m0/0, which is the dedicated management port that doesn't pass any user traffic.
05-26-2015 11:58 AM
Thanks Karsten. Yes I meant M0/0 interface.
Just another question: the route to the inside, does this point via the inside interface for FirePOWER?
Thanks
05-26-2015 12:13 PM
No, the FirePOWER module only works on the m0/0 interface. If that is connected to your mgmt-network, the default-route needs to point to the next L3-interface in that network.