Solved: ASA Appliance Management Interface Routing

robert.horrigan · ‎01-03-2012

Hello ASA Experts,

Looking for assistance with routing on an ASA in terms of the management interface. I've always had sketchy results so never really used the Man interface but now I have to. My question is will the below cause issues or does it work like a VRF on a router?:

route inside 0.0.0.0 0.0.0.0 10.1.1.1

route management 0.0.0.0 0.0.0.0 10.2.2.2

Basically will this cause an outage by routing packets through both interfaces or will this work just fine?

Any assistance would be much appreciated.

/r

Rob

Christopher Hayre · ‎01-06-2012

Rob,

All ASA interfaces, including those labeled management, share the same routing table (assuming routed mode, single-context). Thus, you need to be consciencious of packet flow through the device to avoid forwarding traffic out the wrong interface or asyncronously.

Best,

Christopher

View solution in original post

cadet alain · ‎01-03-2012

Hi,

the management interface will not forward data traffic so normally it should not cause any problem for inside data traffic but I've never tried it though.

Regards.

Alain

Don't forget to rate helpful posts.

Marvin Rhoads · ‎01-03-2012

There is some documentation of how routing decisions are made in ASAs in the configuration guide. You can have a default on multiple interfaces but I haven't seen the need to put one on management interface before. Running an actual routing protocol (like OSPF or EIGRP) is preferable.

It's not really like a VRF in that there is only one RIB on an ASA.

Christopher Hayre · ‎01-06-2012

Rob,

All ASA interfaces, including those labeled management, share the same routing table (assuming routed mode, single-context). Thus, you need to be consciencious of packet flow through the device to avoid forwarding traffic out the wrong interface or asyncronously.

Best,

Christopher

robert.horrigan · ‎01-09-2012

Christopher,

Thanks a lot.

Rob