03-19-2009 09:59 AM - edited 03-11-2019 08:07 AM
I have a new 5520 ASA that I am putting on to the network tonight. I set up the management port with the address of our management subnet and have it plugged into our core switch, but for some reason I can't reach it via SSH, telnet or the ASDM. I have set up rules in the ASA to allow access to the device from my subnet to the ASA via SSH, telnet and http. I have a switch on the network that is also set up to use this network for management and I can reach the switch from my desk. Both the switch that I can reach and the ASA that I can't reach are plugged into the same core switch.
Does anyone have any ideas as to why I can't access the management port?
P.S. I did take off the DHCP configuration on the ASA that gives IP addresses to devices plugged into the management port.
03-19-2009 12:54 PM
Hi Malinda,
Can you post a sanitized version of your configuration? If so, please include the IP address of the client that you are trying to access the ASA from.
-Mike
03-19-2009 01:07 PM
Actually I think I figured out the problem...
Our inside network is the 10. network and there is a route in the ASA to send all the traffic for the 10. network out the inside interface. We don't have the inside interface connected yet so that is probably why we can't get a response...all the return traffic is getting sent to the inside interface instead of the management.
One other thing I wonder about though...
All the traffic that is sent out through the firewall is NATed to a different address as it goes out.
Our internal network is mainly 10.50.0.0/16 and 10.80.0.0/16 networks.
The route on the ASA says to send all traffic for 10.0.0.0 through the inside interface.
Our IT department is all on the 10.80.10.0/28 network.
If I put a route on the ASA that specified that the traffic received from 10.80.10.0/28 network would be sent back out the management port would that send general traffic that had been NATed out to the internet and was coming back in through the management port as well? Or would it go out the inside interface because it originated from that interface?
Thanks!
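To make the routing side of the question concrete, here is an added example that is not part of the thread. It models a plain destination-based longest-prefix-match lookup over a constructed route table: with only the 10.0.0.0/8 route from the thread, a reply to a host in 10.80.10.0/28 is sent out "inside", and adding the more specific 10.80.10.0/28 route changes that to "management". The interface names, the default route and the sample addresses are assumptions; the ASA's connection table and NAT handling, which the second question is really about, are not modelled here.

```python
import ipaddress

# Added example (not from the thread): a minimal longest-prefix-match route
# lookup that shows why a reply to 10.80.10.0/28 leaves via "inside" when the
# only matching route is 10.0.0.0/8 -> inside, and what changes once a more
# specific route is added. Interface names and the outside/default route are
# assumptions; the ASA's connection table and NAT are not modelled.

# (prefix, egress interface, metric) -- constructed sample table.
BASE_ROUTES = [
    ("0.0.0.0/0", "outside", 1),   # assumed default route towards the internet
    ("10.0.0.0/8", "inside", 1),   # the route described in the thread
]

# Same table plus the more specific route the poster is considering.
WITH_MGMT_ROUTE = BASE_ROUTES + [("10.80.10.0/28", "management", 1)]


def egress(routes, dst):
    """Return the egress interface for dst: longest prefix wins, then lowest metric."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip not in net:
            continue
        # Prefer the longer prefix; on a tie prefer the lower metric.
        if best is None or (net.prefixlen, -metric) > (best[0].prefixlen, -best[2]):
            best = (net, iface, metric)
    return best[1] if best else None


def egress_table(routes, dsts):
    """Look up several destinations at once, for comparing two route tables."""
    return {d: egress(routes, d) for d in dsts}


if __name__ == "__main__":
    samples = ["10.80.10.5", "10.50.1.1", "203.0.113.10"]  # constructed hosts
    print("before:", egress_table(BASE_ROUTES, samples))
    print("after: ", egress_table(WITH_MGMT_ROUTE, samples))
```

Running it shows the IT subnet host flipping from "inside" to "management" while 10.50.x.x hosts and internet destinations are unaffected; whether a stateful firewall then honours that route for replies belonging to an existing NATed connection depends on its connection handling, which this lookup does not represent.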