FPR-2100 Default gateway for mgmt on ASA

WiLL-I-Am
Level 1

If the Mgmt1/1 interface is on another subnet, how can I put a different gw for that? (Or something like a VRF.)

Or does it use the default gw that I already set up on FX-OS?! lol

But what about the 5555x, which doesn't have FX-OS?

Thanks,


balaji.bandi
Hall of Fame

On the ASA you can have something like below:

route management 0.0.0.0 0.0.0.0 x.x.x.x

On FXOS:

# set out-of-band static ip 192.168.4.1 netmask 255.255.255.0

Is this what you are looking for?

BB


Right, thanks!

I kinda knew that!

I think what I'm confused about is that the route command on IOS vs ASA has kind of a different meaning.

In IOS this means you have two routes (and their corresponding outgoing interfaces) to choose from when you want to default something out:
IP route 0.0.0.0 0.0.0.0 twe1/1
IP route 0.0.0.0 0.0.0.0 twe1/2
But on the ASA I don't think all the other types of traffic will use the management default route to go out; they use the outside interface automatically, even if we don't have any NAT in place which takes precedence over route decision making!

I think in ASA when you put an interface at the beginning of the route command it means this is a separate routing table?!

routing table 1

route management 0.0.0.0 0.0.0.0 x.x.x.x

routing table 2

route outside 0.0.0.0 0.0.0.0 x.x.x.x

route outside 100.0.0.0 255.0.0.0 x.x.x.x

I am so confused

I think in ASA when you put an interface at the beginning of the route command it means this is a separate routing table?

This is not the case in the ASA, as the ASA only has a single routing table. The ASA does not support different routing tables like what you would have with VRFs. You could use contexts to achieve something similar though. If you add two default routes on the ASA, only one of the default routes would be active.

Sorry, I want to ask for this to be clarified.

So if I have some static routes on my ASA like this:

route management 0.0.0.0 0.0.0.0 x.x.x.x

route outside 0.0.0.0 0.0.0.0 x.x.x.x

and say I don't have any NAT-ing in place, is it possible that some traffic coming from the inside interface chooses to go out of the management interface?


This is not the case in the ASA as the ASA only has a single routing table. The ASA does not support different routing tables as what you would have with VRFs. 


That is only partly right. There is a separate routing table for interfaces labelled "management-only". It is a kind of VRF-ultra-light, in that it doesn't understand overlapping IPs and so on. But you can have a different routing table for traffic to and from the control plane via the management-only interface.

ASAs used to have only a single routing table.

The management-only routing table was added in ASA software version 9.5.

https://www.cisco.com/c/en/us/td/docs/security/asa/roadmap/asa_new_features.html#reference_AFFBD30E162448BCA88376D187C2E412
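
A configuration sketch of the management-only routing table described in the reply above, added here as an illustration and not taken from any poster's device. The interface IDs, security levels and addresses (documentation ranges) are assumptions.

```cisco
! Constructed example: interface IDs and addresses are placeholders, not from the thread.
! The separate management routing table needs ASA 9.5 or later (per the reply above).
interface Management1/1
 management-only
 nameif management
 security-level 100
 ip address 192.0.2.10 255.255.255.0
!
interface Ethernet1/1
 nameif outside
 security-level 0
 ip address 198.51.100.10 255.255.255.0
!
! Default route for through-the-box (data) traffic: installed in the data routing table.
route outside 0.0.0.0 0.0.0.0 198.51.100.1
!
! Default route via the management-only interface: installed in the management
! routing table, so it does not compete with the outside default route.
route management 0.0.0.0 0.0.0.0 192.0.2.1
!
! Verification from exec mode: the two tables are displayed separately.
show route
show route management-only
```

An interface marked management-only does not pass through-the-box traffic, so the management default route applies only to traffic to and from the ASA itself.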


balaji.bandi
Hall of Fame

Depends on your environment. If you would like only management traffic to be routed to the management domain, you can also use:

route management y.y.y.y z.z.z.z y.y.y.1 (y - your network, z - the subnet mask; think of .1 as your management gateway.)

BB
