Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2756
Views
25
Helpful
7
Replies

FPR-2100 Default gateway for mgmt on ASA

Go to solution
WiLL-I-Am
Level 1
Level 1

‎10-30-2020 04:10 PM - edited ‎11-01-2020 07:21 PM

If Mgmt1/1 interface is on another subnet, how can I put a different gw for that?(or something like a vrf)

or it uses the default gw that I already setup on FX-OS?!lol

but what about 5555x that doesn't have FX-OS?

 

Thanks,

2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-01-2020 10:46 AM

depends on your environment, if you like only management traffic route to send to the management domain, you can also use 

 

route management  y.y.y.y z.z.z.z  y.y.y.1  ( y - your netwok z - is subnet mask)  .1 think your manamgnent gateway.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Marius Gunnerud
VIP
VIP
In response to WiLL-I-Am

‎11-01-2020 02:13 PM

I think in ASA when you put an interface at the beginning of the route command it means this is a separate routing table?

This is not the case in the ASA as the ASA only has a single routing table. The ASA does not support different routing tables as what you would have with VRFs.  You could use contexts to achieve something similar though.  If you add two default routes on the ASA only one of the default routes would be active.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-31-2020 02:45 AM

ASA  you can have like below :

 

route management 0.0.0.0 0.0.0.0 x.x.x.x

 

FXOS  

# set out-of-band static ip 192.168.4.1 netmask 255.255.255.0

 

is this what you looking?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
WiLL-I-Am
Level 1
Level 1
In response to balaji.bandi

‎11-01-2020 09:35 AM - edited ‎11-01-2020 09:42 AM

right!, thanks

I kinda knew that!

I think what I m confused about is the route command on IOS vs ASA have kind of a different meaning

in IOS this means you have two routes(and their according out going interfaces) to choose from when you wanna default something out..
IP route 0.0.0.0 0.0.0.0 twe1/1
IP route 0.0.0.0 0.0.0.0 twe1/2
but in ASA I don't think all the other type of traffics will use management default route to go out, they use outside interface automatically even if we don't have any NAT in place which takes precedence over route decision making!

I think in ASA when you put an interface at the beginning of the route command it means this is a separate routing table?!

routing table 1

route management 0.0.0.0 0.0.0.0 x.x.x.x

 

routing table 2

route outside 0.0.0.0 0.0.0.0 x.x.x.x

route outside 100.0.0.0 255.0.0.0 x.x.x.x

 

I am so confused

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to WiLL-I-Am

‎11-01-2020 02:13 PM

I think in ASA when you put an interface at the beginning of the route command it means this is a separate routing table?

This is not the case in the ASA as the ASA only has a single routing table. The ASA does not support different routing tables as what you would have with VRFs.  You could use contexts to achieve something similar though.  If you add two default routes on the ASA only one of the default routes would be active.

--
Please remember to select a correct answer and rate helpful posts

Go to solution
WiLL-I-Am
Level 1
Level 1
In response to Marius Gunnerud

‎11-01-2020 06:40 PM - edited ‎11-01-2020 07:21 PM

sorry I want to ask this to be clarified

so if I have some static routes on my ASA like this

route management 0.0.0.0 0.0.0.0 x.x.x.x

route outside 0.0.0.0 0.0.0.0 x.x.x.x

 

and say I don't have no NAT-ing in place, is it possible that some traffic coming from the inside interface choose to go out of management interface?

Go to solution
BERNHARD FABRICIUS
Level 1
Level 1
In response to Marius Gunnerud

‎09-19-2024 06:39 AM

This is not the case in the ASA as the ASA only has a single routing table. The ASA does not support different routing tables as what you would have with VRFs. 

That is only partly right. There is a separate routing-table for interfaces labelled "management-only". It is a kind of VRF-ultra-light, in that it doesn't understand overlapping IPs and so on. But you can have a different routing table for traffic to and from the control plane via the managament-only interface.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to BERNHARD FABRICIUS

‎09-19-2024 10:44 AM

ASAs used to have only a single routing table.

The management-only routing table was added in ASA software version 9.5.

https://www.cisco.com/c/en/us/td/docs/security/asa/roadmap/asa_new_features.html#reference_AFFBD30E162448BCA88376D187C2E412

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-01-2020 10:46 AM

depends on your environment, if you like only management traffic route to send to the management domain, you can also use 

 

route management  y.y.y.y z.z.z.z  y.y.y.1  ( y - your netwok z - is subnet mask)  .1 think your manamgnent gateway.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card