08-30-2021 04:07 AM
I have a Firepower 2100 (Firewall A) running the logical ASA image with a default route pointed towards the management interface. I have two more subinterfaces on the same firewall: one is Inside and the other points towards Firewall B. I want to integrate Firewall A with a Cisco ISE server which is located behind Firewall B. The IP of the ISE server is 192.168.1.11, and I have a route for 192.168.1.0/24 in Firewall A pointed towards Firewall B via a subinterface. My issue is that I want Firewall A to communicate with the ISE server via the management interface. I have the necessary routing set up in the intermediate devices in that path, but even after adding a route for 192.168.1.11 towards the management interface in Firewall A, traffic is going to Firewall B via the transit path. All routing is static. I am not able to understand why the static route for 192.168.1.11 towards management is not working and the firewall is preferring the 192.168.1.0/24 route towards transit. Please assist.
08-30-2021 04:38 AM
I don't think that is possible; the management interface is used for management features such as SSH, SNMP, HTTP (ASDM) and syslog. The RADIUS traffic would be routed via a data interface.
08-30-2021 06:51 AM
Thanks. Is there a document which I can use as a reference for this?
Moreover, does this not apply to a multi-context ASA? I had a different setup with multi-context firewalls, where I was able to route TACACS traffic via the admin context.
08-30-2021 01:46 PM - edited 08-30-2021 01:56 PM
If you want the RADIUS traffic to be sourced from the management interface, you need to define that on the RADIUS server configuration. We do RADIUS, TACACS and LDAP through the management network.
aaa-server ISE_RADIUS (management) host 192.168.1.11
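As an added example (not from the original thread), here is the complete ASA configuration that the answer above implies, with the step that makes the difference spelled out: the interface named in parentheses on the aaa-server host line is what selects the source interface for RADIUS, so a host route added to the management interface alone does not redirect AAA traffic that is still bound to a data interface. The group name ISE_RADIUS, the management next hop 10.0.0.1, the shared secret placeholder and the test credentials are assumptions; replace them with your own values.

```cisco
! Assumed: Management1/1 already carries "nameif management" and an IP address.
!
! Host route to the ISE server via the management next hop (10.0.0.1 is assumed).
route management 192.168.1.11 255.255.255.255 10.0.0.1 1
!
! Weak form (what reproduces the symptom in the question): the server is bound to a
! data interface, so the ASA sources RADIUS from there and follows the 192.168.1.0/24
! route towards Firewall B regardless of any management-side route.
!   aaa-server ISE_RADIUS (inside) host 192.168.1.11
!
! Corrected form: bind the server group to the management interface.
aaa-server ISE_RADIUS protocol radius
aaa-server ISE_RADIUS (management) host 192.168.1.11
 key <shared-secret>
 authentication-port 1812
 accounting-port 1813
!
! Verification (exec mode):
! 1. Confirm the route is installed on the management side.
show route
show route management-only
! 2. Send a test authentication and confirm the server is marked ACTIVE.
test aaa-server authentication ISE_RADIUS host 192.168.1.11 username testuser password testpass
show aaa-server ISE_RADIUS
! 3. Confirm the packets actually leave on management rather than the transit subinterface.
capture radcap interface management match udp any host 192.168.1.11
show capture radcap
no capture radcap
```

The `show route management-only` form applies to ASA 9.5 and later, where management-only interfaces keep their own routing table; on older releases `show route` is sufficient. If a `test aaa-server` succeeds but the capture on `management` stays empty, the server group is still bound to a data interface.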