Disabled management interface on ASA 5516-x

jcincbus
Level 1

I made the mistake of disabling the Management1/1 interface on my ASA and now that I've re-enabled it, I have been having trouble accessing management features on this interface. Disabling the interface seems to have wiped a bunch of settings from the config and sadly I didn't have a backup of the config. I tried to factory reset to no avail.

I have been able to regain access to ASDM and SSH, but I have concerns. What else could this have wiped out that I'm not aware of and will cause problems?

So far I've run the following config commands in the console to get access sorted.

in config-if for management1/1

nameif Management

Security-level 100

ip address 192.168.20.1 255.255.255.0

from config

http 192.168.20.0 255.255.255.0 Management (which got ASDM working)

ssh 192.168.20.0 255.255.255.0 Management (which allowed me to connect on 22, but got an error regarding RSA)

crypto key zeroize rsa

crypto key generate rsa modulus 2048 (This combo fixed the RSA error, but I couldn't authenticate with my user credentials)

aaa authentication ssh console LOCAL (got me back in on SSH on management1/1)


But I'm concerned I'm still missing some settings. Has anyone else gone through this? The command preview for unchecking "Enable interface" in ASDM simply shows

Interface Management1/1 shutdown

so it hasn't been much help in retracing what paths this ASA went down after that fateful apply and subsequent write.... Is there a way to really blow it back to factory? "Reset Device to Factory Default Configuration" in ASDM doesn't do the trick.

Thank you for any help on the matter.


Accepted Solutions

Maykol Rojas
Cisco Employee

Hello; 

If you just shut down the interface, it should not have removed all the commands you are mentioning. Yes, you should have lost access via ASDM, SSH, but only through the management interface.

Other things that may have caused an access issue would be modules, such as the SrcFire module.

Mike. 


3 Replies

jcincbus
Level 1

Looks like a write erase did the trick a bit more completely.

I think factory reset led to the need for much of these commands. But there was still something not right and since it was not production equipment, barely modified, it was easiest just to start fresh. ASDM didn't do the trick. I wouldn't recommend running write erase for production equipment.
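
A read-only check over a saved running-config for the management-access settings discussed in this thread, added here as an example (it is not code from the posters or from Cisco). The sample config is constructed, the function names are hypothetical, and `http server enable` is the standard ASA command that turns on the ASDM HTTPS server; it is not among the commands listed in the post.

```python
import re

# Constructed sample of a saved running-config (addresses taken from the post).
SAMPLE_CONFIG = """\
interface Management1/1
 shutdown
 nameif Management
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
http 192.168.20.0 255.255.255.0 Management
ssh 192.168.20.0 255.255.255.0 Management
"""

def interface_block(config, name):
    """Sub-commands under 'interface <name>', or None if the interface is absent."""
    m = re.search(rf"^interface {re.escape(name)}[ \t]*$\n?((?:[ \t]+.*\n?)*)",
                  config, re.I | re.M)
    return [s.strip() for s in m.group(1).splitlines()] if m else None

def audit_mgmt_access(config, ifname="Management1/1"):
    """List what is missing for ASDM/SSH access through the given interface."""
    block = interface_block(config, ifname)
    if block is None:
        return [f"interface {ifname} not found"]
    findings = []
    if "shutdown" in block:
        findings.append("interface is shutdown")
    nameif = next((s.split()[1] for s in block if s.startswith("nameif ")), None)
    if nameif is None:
        return findings + ["no nameif configured"]
    if not any(s.startswith("ip address ") for s in block):
        findings.append("no ip address configured")
    # Global commands are unindented; the allow entries reference the nameif.
    globals_ = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    allow = rf"\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+ {re.escape(nameif)}"
    checks = [
        (r"http server enable( \d+)?", "http server enable missing (ASDM)"),
        (rf"http {allow}", f"no http allow entry for {nameif} (ASDM)"),
        (rf"ssh {allow}", f"no ssh allow entry for {nameif}"),
        (r"aaa authentication ssh console \S+", "aaa authentication ssh console missing"),
    ]
    for pattern, message in checks:
        if not any(re.fullmatch(pattern, g, re.I) for g in globals_):
            findings.append(message)
    return findings
```

The RSA key pair used by SSH is not stored in the running-config, so check it separately on the device with `show crypto key mypubkey rsa`.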
