Cisco ASA routing issue

NeWGuy1109
Level 1

I have a Firepower 2100 (Firewall A) with a logical ASA image, with a default route pointed towards the management interface. I have 2 more subinterfaces on the same firewall: one is Inside and the other points towards Firewall B. I want to integrate the firewall with a Cisco ISE server which is located behind Firewall B. The IP of the ISE server is 192.168.1.11, and I have a route for 192.168.1.0/24 in Firewall A pointed towards Firewall B via a subinterface. My issue is that I want Firewall A to communicate with the ISE server via the management interface. I have the necessary routing set up in the intermediate devices in that path, but even after adding a route for 192.168.1.11 towards the management interface in Firewall A, traffic is going to Firewall B via the transit path. All routing is static. I am not able to understand why the static route for 192.168.1.11 towards management is not working and the firewall is preferring the 192.168.1.0/24 route towards transit. Please assist.

 

 

3 Replies

@NeWGuy1109 

I don't think that is possible; the management interface is used for management features such as SSH, SNMP, HTTP (ASDM), syslog. The RADIUS traffic would be routed via a data interface.

Thanks. Is there a document which I can use as a reference for this?

Moreover, this doesn't apply to multi-context ASA? Because I had a different setup with multi-context FWs; there I was able to route TACACS traffic via the admin context.

If you want the RADIUS traffic to source from the management interface, you need to define that on the RADIUS server configuration. We do RADIUS, TACACS and LDAP through the management network.

aaa-server ISE_RADIUS (management) host 192.168.1.11
