Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2110
Views
0
Helpful
6
Replies

Can we have separate physical interfaces for management in multi context.

Go to solution
Ramakrishnan G.
Level 1
Level 1

‎07-17-2015 05:12 AM - edited ‎03-11-2019 11:16 PM

Can anyone suggest on the below.

I've a special requirement of implementing a separate physical interface for management on the newly added contexts. I understand we can allocate the same physical interface(which is connected to an access port) to multiple context or we can assign the sub-interfaces(which is connected to a trunk port) of same physical link to multiple contexts for management.  But is it possible to have 2 separate physical links in ASA for management and these two interfaces will be used in two different contexts.

Or in other words can I use two separate physical links in ASA for firewall management. One for admin context management and one for another context.

 

Regards,

Kris

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee

‎07-17-2015 10:17 PM

Hi,

Let me clarify , Management interface on the ASA device is a normal DATA interface which is specifically used to manage the ASA device possibly via SSH , TELNET, ASDM etc.

I think for these functions you can assign any interface to that context and enable these features for managing the ASA device.

Does that clear your query ?

Thanks and Regards,

Vibhor Amrodia

View solution in original post

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎07-17-2015 11:47 PM

But is it possible to have 2 separate physical links in ASA for management and these two interfaces will be used in two different contexts.

Yes, you would just need to allocate the physical interfaces to the contexts under the system context.  Just keep in mind that when you log in to the admin context you will be able to switch between different contexts by using the changeto context command. However, if you login to a different context directly you will be restricted to only that context and will not be able to change to another context from that context.

Any interface on the ASA can be used for management of the ASA so long as it has network connectivity.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee

‎07-17-2015 10:17 PM

Hi,

Let me clarify , Management interface on the ASA device is a normal DATA interface which is specifically used to manage the ASA device possibly via SSH , TELNET, ASDM etc.

I think for these functions you can assign any interface to that context and enable these features for managing the ASA device.

Does that clear your query ?

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Go to solution
Ramakrishnan G.
Level 1
Level 1
In response to Vibhor Amrodia

‎07-18-2015 03:58 AM

Thanks Vibhor for your response. So the conclusion is there's no such limitations in ASA for configuring multiple physical interfaces as management 

0 Helpful

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to Ramakrishnan G.

‎07-18-2015 04:13 AM

Hi,

Yes , there is no such restriction.

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎07-17-2015 11:47 PM

But is it possible to have 2 separate physical links in ASA for management and these two interfaces will be used in two different contexts.

Yes, you would just need to allocate the physical interfaces to the contexts under the system context.  Just keep in mind that when you log in to the admin context you will be able to switch between different contexts by using the changeto context command. However, if you login to a different context directly you will be restricted to only that context and will not be able to change to another context from that context.

Any interface on the ASA can be used for management of the ASA so long as it has network connectivity.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Ramakrishnan G.
Level 1
Level 1
In response to Marius Gunnerud

‎07-18-2015 03:53 AM

Thanks Marius,

I was in an assumption that when we migrate the existing management interface of an admin context to a separate physical interface it throw up some error. I don't have a lab to test it. 

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Ramakrishnan G.

‎07-18-2015 04:43 AM

are you talking about using a normal routed interface for management access? or using the command management-only on an interface?  Either way you can use any interface that has network connectivity for management access, and you can configure as many interfaces as you want with the management-only command.  just keep in mind that interfaces with the management-only command configured will not pass normal data traffic.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card