09-27-2006 06:29 AM - edited 02-21-2020 01:11 AM
What is the recommended configuration for the management port on an ASA when in single contect mode and OSPF enabled.
Im in the process of migrating from a 525 to 5520. Im not sure how to handle the routing for accessing the management interface. I use OSPF to obtain my inside network routing, and I wonder how accessing the management port from another network will work.
10-03-2006 03:29 PM
What version of software are you using in the ASA box ?
10-03-2006 05:21 PM
We are using 7.2(1)
10-04-2006 03:18 AM
Hi,
You just need to treat it like any other interface. Say you connect from network A - assuming it's not directly connected to the ASA then you'll need a static route to network A from the ASA (pointing to whatever the next hop on the management lan is).
In our environment we can't use management-only interfaces because the management stations need internet access as well, which happens to pass through the ASA - so we just manage using the inside interface IP.
They make good failover interfaces tho' ;-)
HTH
Andrew.
11-29-2006 01:40 AM
Hi Andrew, I am just about to setup a new ASA 5520 and was wondering that very thing you mentioned, using the management interface for failover. Are there any problems with doing this?
Thank you
Brian
11-29-2006 07:15 AM
Hi Brian,
We did very thorough lab testing with this and the management interfaces performed just like normal ones when configured "no management-only". Since implementation we've had a couple of real failover situations and it's all worked perfectly.
HTH
Andrew.
11-30-2006 12:36 AM
Thank you Andrew for the info.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide