Solved: ASA5515X-IPS management 0/0 to LAN

rdsalmans · ‎10-23-2012

I've recently setup two ASA5515X in A/S each with IDS. When I had them in the lab I was able to access the IPS's via IME but now that it's at the datacenter it's not working (of course). I've got the IPS configured with an IP on our LAN and the ASA's Management0/0 interface configured as:

interface Management0/0

no nameif

security-level 100

no ip address

management-only

The Management0/0 interface is plugged into a switchport on our LAN VLAN. From the ASA it's seeing the IPS as Up and I've verified the IPS network settings. Any ideas? Did I forget something? TIA!

Julio Carvajal · ‎10-23-2012

Hello,

Okay. Let us know any update.

The person in charge of the case will have access to the box so he or she will be able to run some captures.

It is weird that you do not have the MAC address of the IPS module on the switch, I would check the layer 2 topology first.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎10-23-2012

Hello,

So you cannot access the IPS from the inside network right?, what is the Ip address you have provided to the IPS?, what is the default gateway ip of the IPS? What is the internal subnet network?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

rdsalmans · ‎10-23-2012

That is correct, I'm unable to access the IPS from the LAN subnet of 192.168.173.0/24.

The IPS is 192.168.173.221, default gateway is the core switch at 192.168.173.254.

Sent from Cisco Technical Support iPhone App

Julio Carvajal · ‎10-23-2012

Hello,

Can you change the default-gateway to the ASA internal Ip address??

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC