Enable Configuring the Management Access List

Hello to everyone,

By mistake I disabled the Management Interface, and since then I am not able to log in to the web interface of the device.

Could you help me to enable it again through the command line? I connect to the device through a cable with a serial port.

Thanks

12 Replies 12

What software are you running? FTD or ASA?

FTD v 6.6.0 firepower 1140

You've disabled or deleted the IP address of the FTD management IP address? Re-add the IP address

 

>configure network ipv4 manual 10.88.243.253 255.255.255.128 10.88.243.1

 

To configure the device to accept HTTPS connections from specified IP addresses, use the configure https-access-list command.

 

configure https-access-list 0.0.0.0/0

 

Provide the output of "show network" if you still have a problem.

I am glad to hear that, because I ran this command before I wrote to the community.
Although the message that I received was "the https access list was changed successfully", I am not able to see the web interface of the device. Is there anything else that I have to do?

I updated the post above at the same time you responded. Provide the output of "show network"

So your management IP address is the default 192.168.45.45, can you not assign an IP address to your laptop on the 192.168.45.x network and connect to FDM?

I connect to the management interface and I log in successfully. Great!!

BUT the way that I logged in to the device was from the inside interface, where a laptop is connected.
The inside network is 192.168.1.0 255.255.255.0 192.168.1.1
so I connect to https://192.168.1.1. Is it possible to do that!!
Thanks a lot!!

I did it!! Thanks a lot for your help!!

Yes that is possible, you've currently permitted management over the data interfaces. You can control that by navigating to Device: DEVICENAME > System Settings > Management Access and select which interface you want to manage the device on, which source networks and what ports (https/ssh).

You may want to check that you aren't unintentionally permitting management access on the outside interface.

FTD v 6.6.0 firepower 1140

Make sure you also have an alternative method of login; if you lock yourself out, there is no way to recover other than re-imaging.

So I suggest having a wide network or devices in place, and testing before you commit and deploy.

 

BB
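
An added example, not written by any poster in this thread and not Cisco code: a Python check to run on a proposed management allow list before committing it, covering both the `0.0.0.0/0` entry used above and the lockout risk raised in the last reply. The laptop addresses and the prefix-length thresholds are assumptions chosen for illustration.

```python
import ipaddress

# Assumed policy: shortest prefix still considered acceptable per IP version.
MIN_PREFIX = {4: 16, 6: 48}


def audit_allow_list(entries, admin_hosts, min_prefix=MIN_PREFIX):
    """Check a management allow list before it is committed.

    entries     -- CIDR strings, as they would be given to an allow list
                   such as `configure https-access-list`
    admin_hosts -- addresses that must keep management access
    Returns (too_broad, locked_out):
      too_broad  -- entries wider than the policy allows (e.g. 0.0.0.0/0)
      locked_out -- admin hosts that no entry covers
    """
    nets = [ipaddress.ip_network(e.strip(), strict=False) for e in entries]

    too_broad = [str(n) for n in nets if n.prefixlen < min_prefix[n.version]]

    locked_out = []
    for host in admin_hosts:
        addr = ipaddress.ip_address(host)
        covered = any(addr.version == n.version and addr in n for n in nets)
        if not covered:
            locked_out.append(host)
    return too_broad, locked_out


if __name__ == "__main__":
    # Constructed sample: a laptop on the default management network from the
    # thread (192.168.45.x) and one on the inside network (192.168.1.0/24).
    admins = ["192.168.45.10", "192.168.1.20"]
    candidates = {
        "open to everyone": ["0.0.0.0/0"],
        "management net only": ["192.168.45.0/24"],
        "management + inside": ["192.168.45.0/24", "192.168.1.0/24"],
    }
    for name, entries in candidates.items():
        broad, locked = audit_allow_list(entries, admins)
        print(f"{name}: too broad={broad} locked out={locked}")
```

An empty `too_broad` and an empty `locked_out` together mean the list is narrow enough for the assumed policy and still reaches every listed admin host.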
