
Management access to transparent multimode security contexts

Jtown_5454
Level 1

Hello everyone and thank you in advance for any help. I have set up a 5515-X in transparent multi-mode and set up 5 security contexts with inside and outside ports, one admin and 4 others. The problem I have run into is setting up a management IP for each context. On one of my other transparent firewalls in production we were able to apply an IP to the security context (not interface); however, the new firewall is running the latest software and this same functionality is not available. The only option for IP in context mode is IP AUDIT. So my next plan was to create sub-interfaces of the management interface and assign one to each context; however, the 5515-X does not allow sub-interfaces on the management interface. Can someone let me know how I set up a management IP on each context?

Another interesting thing I read is that the management IP assigned to a context (if I could figure out how to set it up) has to be in the same subnet as the data interface, which is fine, but it also says that the management interface should not be connected to the same switch as the data interface because of MAC address table update issues, meaning that I could not use a sub-interface of one of the already configured context ports.

Any suggestions?

3 Replies

Julio Carvajal
VIP Alumni

Hello,

This is because on newer versions we use what are called bridge groups, which allow us to have more than one IP assigned to the ASA while being in routed mode.

Here is a brief description:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_complete_transparent.html

http://laguiadelnetworking.com/2012/12/20/el-uso-de-bvi-en-el-asa/ (My blog, but this topic is in Spanish; you will see the configuration part in English)

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks jcarvaja, that did get me a little further; however, I am still not able to SSH or ASDM into the firewall. I have noticed an error that says something like "no management IP address setup for transparent firewall". My 5515 does have a management port; do I have to have it set up and connected in order to manage the firewall?

I have resolved this. After setting up a BVI for all 5 contexts (admin and four others) and assigning an IP to each, I was still not able to connect either SSH or ASDM to the admin context. I ended up fixing it by removing the BVI IP from the admin context, adding the Management interface 0/0 to the admin context and assigning it the IP, and I can now manage.

Thanks
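
The fix described in the last reply, sketched as ASA configuration. This is an added example, not part of the original thread: the context name `ctx1`, the BVI number, the data interface name and every address (documentation ranges) are assumptions, and the `ssh`/`http` lines show one way to limit management access to the management subnet.

```text
! --- System execution space: hand Management0/0 to the admin context ---
changeto system
configure terminal
context admin
 allocate-interface Management0/0
!
! --- Admin context: address the management port instead of the BVI ---
changeto context admin
configure terminal
interface BVI1
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
! Accept SSH and ASDM only from the management subnet (constructed range),
! and only on the management interface
ssh 192.0.2.0 255.255.255.0 management
http server enable
http 192.0.2.0 255.255.255.0 management
!
! --- A non-admin context (hypothetical name ctx1): BVI carries the IP ---
changeto context ctx1
configure terminal
interface BVI1
 ip address 198.51.100.10 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 bridge-group 1
 security-level 100
```

After applying, `show interface ip brief` and `show ssh` inside the admin context confirm the address and the permitted source range.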
