08-03-2007 11:24 AM - edited 02-21-2020 01:37 AM
Hi,
I have a big network comprising 10.0.0.0
My inside interface IP is 10.100.1.1 /24
My management interface IP is 10.150.1.1 /24
The default inside route in my ASA is
route INSIDE 10.0.0.0 255.0.0.0 10.100.1.1
From my user network - 10.200.1.X, I try to access the management interface, but it does not connect ...
So I put a static route on the ASA
route MGMT 10.200.1.0 255.255.255.0 10.150.1.1
Then it works; I am able to connect to ASDM & SSH
Question -
Is all return path for the network 10.200.1.X (including internet return traffic) coming via the management interface?
If yes, what is the solution to this?
08-03-2007 11:41 AM
Why do you list the ASA inside IP as the default inside route?
route INSIDE 10.0.0.0 255.0.0.0 *10.100.1.1*
It should be pointed to something else internally. The MGMT interface just needs to plug into a switchport set up for the proper vlan - and treat it as a host port.
Any host on your user network (10.200.1.x) should be able to get to 10.150.1.1 without going through the inside interface of the ASA.
i.e., there should be something doing internal routing for you, whether it's a router or multilayer switch, or something.
You could optionally turn on routing on the inside interface of the ASA as well, assuming you were running an internal routing protocol also.
08-03-2007 08:43 PM
Sorry, I gave you the wrong info
My L3 device (default gateway for my internal LAN) is 10.100.1.10
10.200.1.10 is the L3 device IP for the management network.
The default inside route in my ASA is
route INSIDE 10.0.0.0 255.0.0.0 10.100.1.10
The route I put for management is
route MGMT 10.200.1.0 255.255.255.0 10.150.1.10
If the above route is not present -
When a user from the user network, 10.150.1.1, tries to reach the management port, the packet goes to the layer 3 switch, then to the management interface, & then the return path comes back via the internal interface due to the default static route
route INSIDE 10.0.0.0 255.0.0.0 10.100.1.10
If I put the route
route MGMT 10.200.1.0 255.255.255.0 10.150.1.10
then the return traffic from the ASA comes back via the MGMT interface.
The issue for me is that I need to reach the management interface without putting any static route through the management interface, because all inside routes are via the INSIDE interface.
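The return-path behaviour described in the post above, modelled as a plain longest-prefix-match lookup over the routes quoted in the thread (an added example, not part of any poster's message and not ASA code). The host address 10.200.1.25 and the function names are constructed for illustration, and the model assumes a single routing table with no NAT or connection-state effects.

```python
import ipaddress

# Connected networks from the first post; static routes as given in the third post.
CONNECTED = [("INSIDE", "10.100.1.0/24"), ("MGMT", "10.150.1.0/24")]
INSIDE_SUMMARY = ("INSIDE", "10.0.0.0/8")   # route INSIDE 10.0.0.0 255.0.0.0 10.100.1.10
MGMT_STATIC = ("MGMT", "10.200.1.0/24")     # route MGMT 10.200.1.0 255.255.255.0 10.150.1.10


def build_table(with_mgmt_static):
    """Return [(interface, network)] with or without the MGMT /24 static route."""
    entries = CONNECTED + [INSIDE_SUMMARY]
    if with_mgmt_static:
        entries = entries + [MGMT_STATIC]
    return [(ifc, ipaddress.ip_network(net)) for ifc, net in entries]


def egress_interface(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, ifc) for ifc, net in table if addr in net]
    if not matches:
        return None  # no route at all
    return max(matches, key=lambda m: m[0])[1]


def reply_is_symmetric(table, src, arrived_on):
    """True when the reply to src would leave on the interface the request arrived on."""
    return egress_interface(table, src) == arrived_on


if __name__ == "__main__":
    user = "10.200.1.25"  # constructed host in the 10.200.1.X user network
    for with_static in (False, True):
        table = build_table(with_static)
        print("MGMT static present:", with_static)
        print("  egress toward", user, "->", egress_interface(table, user))
        print("  reply to a request that arrived on MGMT is symmetric:",
              reply_is_symmetric(table, user, "MGMT"))
```

The lookup is keyed on destination only, so with the /24 present every packet the table resolves toward 10.200.1.0/24 selects MGMT, not just replies to management sessions.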
08-06-2007 08:56 AM
Hello All,
Can anyone help me with this?
08-06-2007 11:23 AM
Under your management interface, does it say management-only?
08-09-2007 04:29 AM
Yes