Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1314
Views
0
Helpful
9
Replies

ASA with SFR mgmt interface

Steven Williams
Level 4
Level 4

‎01-02-2019 10:50 AM - edited ‎03-12-2019 07:12 AM

Can you still give the mgmt interface and IP address and use it for out of band mgmt ssh access even though the ASA has an SFR module?

Labels:
0 Helpful
9 Replies 9

Abheesh Kumar
VIP Alumni
VIP Alumni

‎01-02-2019 10:54 AM - edited ‎01-02-2019 11:00 AM

Hi Steven,

You can use management interface as out-of-band management for ASA even though you are using SFR module.

You need to specify the route and SSH access via Management interface.

 

Thanks,
Abheesh
PS: Please don't forget to vote as helpful and select as validated answer if this answered your question. 

0 Helpful

Steven Williams
Level 4
Level 4
In response to Abheesh Kumar

‎01-02-2019 12:35 PM

Can you use TACACS on the mgmt interface? I seem to have issues with it not sure if its due to the sfr
0 Helpful

Sheraz.Salim
VIP
VIP
In response to Steven Williams

‎01-02-2019 12:44 PM - edited ‎01-02-2019 01:10 PM

@Steven Williams

TACACS work fine on mgmt interface with SFR what issue you having?

there was issue in past with 9.5.1 what software you on?

 

 

also make sure you interface have the following config

 

interface man0/0

 management-only

 nameif mgmt

 security-level 100

 ip address x.x.x.x x.x.x.x

 no shut

!

have you try this command.

test aaa-server authentication TACACS+

 Server IP address or name: x.x.x.x

 username: tango

 password: x.x.x.x

please do not forget to rate.
0 Helpful

Steven Williams
Level 4
Level 4
In response to Sheraz.Salim

‎01-02-2019 12:52 PM

9.6.3
interface Management1/1
management-only
nameif mgmt
security-level 0
ip address 10.81.0.102 255.255.255.0 standby 10.81.0.103
!
access-list MGMT_ACCESS_IN extended permit ip any any
!
aaa-server TACACS protocol tacacs+
reactivation-mode depletion deadtime 2
aaa-server TACACS (mgmt) host 10.20.0.85
key *****
aaa-server TACACS (mgmt) host 10.81.3.25
key *****
user-identity default-domain LOCAL
aaa authentication enable console TACACS LOCAL
aaa authentication serial console TACACS LOCAL
aaa accounting ssh console TACACS
aaa accounting serial console TACACS
aaa accounting enable console TACACS
aaa accounting command TACACS
!
route mgmt 0.0.0.0 0.0.0.0 10.81.0.1 1
!

never reaches the tacacs server. I can ping it though.
0 Helpful

Sheraz.Salim
VIP
VIP
In response to Steven Williams

‎01-02-2019 05:28 PM

similar case what you having with 9.5.1 CSCuw26653:

please do not forget to rate.
0 Helpful

Steven Williams
Level 4
Level 4
In response to Sheraz.Salim

‎01-03-2019 05:21 AM

i dont understand the work around though nor do I understand what version this is fixed in. I removed the "management-access mgmt" command with no change.

0 Helpful

Sheraz.Salim
VIP
VIP
In response to Steven Williams

‎01-03-2019 06:18 AM

can you not open a TAC case?

please do not forget to rate.
0 Helpful

Steven Williams
Level 4
Level 4
In response to Sheraz.Salim

‎01-03-2019 07:03 AM

I can, was just trying to see if I could resolve here with peers first.
0 Helpful

Sheraz.Salim
VIP
VIP
In response to Steven Williams

‎01-03-2019 07:25 AM

sure. welcome. kindly please share your TAC case finding with us.

 

Regards,

Radio.

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card